diff --git a/2007/2xxx/CVE-2007-2163.json b/2007/2xxx/CVE-2007-2163.json index 3b9fe639a00..6a9720f74cc 100644 --- a/2007/2xxx/CVE-2007-2163.json +++ b/2007/2xxx/CVE-2007-2163.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070417 Internet Explorer Crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466017/100/0/threaded" - }, - { - "name" : "20070417 Re: Internet Explorer Crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466043/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070417 Internet Explorer Crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466017/100/0/threaded" + }, + { + "name": "20070417 Re: Internet Explorer Crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466043/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2670.json b/2007/2xxx/CVE-2007-2670.json index 3fc4e8a5665..12fd7edded4 100644 --- a/2007/2xxx/CVE-2007-2670.json +++ b/2007/2xxx/CVE-2007-2670.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2007/05/phpchain-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2007/05/phpchain-vuln.html" - }, - { - "name" : "23761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23761" - }, - { - "name" : "35538", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35538" - }, - { - "name" : "ADV-2007-1647", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1647" - }, - { - "name" : "25128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25128" - }, - { - "name" : "phpchain-settings-cat-path-disclosure(34019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2007/05/phpchain-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2007/05/phpchain-vuln.html" + }, + { + "name": "35538", + "refsource": "OSVDB", + "url": "http://osvdb.org/35538" + }, + { + "name": "ADV-2007-1647", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1647" + }, + { + "name": "23761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23761" + }, + { + "name": "phpchain-settings-cat-path-disclosure(34019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34019" + }, + { + "name": "25128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25128" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2771.json b/2007/2xxx/CVE-2007-2771.json index 9f394dad141..f73e4e7ca51 100644 --- a/2007/2xxx/CVE-2007-2771.json +++ b/2007/2xxx/CVE-2007-2771.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-18-leadtools-jpeg-2000-com.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-18-leadtools-jpeg-2000-com.html" - }, - { - "name" : "http://www.shinnai.altervista.org/moaxb/20070518/leadtxt.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/moaxb/20070518/leadtxt.html" - }, - { - "name" : "VU#440112", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/440112" - }, - { - "name" : "24040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24040" - }, - { - "name" : "36026", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36026" - }, - { - "name" : "ADV-2007-1868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1868" - }, - { - "name" : "25313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25313" - }, - { - "name" : "leadtools-jpeg2000-bo(34367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-18-leadtools-jpeg-2000-com.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-18-leadtools-jpeg-2000-com.html" + }, + { + "name": "http://www.shinnai.altervista.org/moaxb/20070518/leadtxt.html", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/moaxb/20070518/leadtxt.html" + }, + { + "name": "36026", + "refsource": "OSVDB", + "url": "http://osvdb.org/36026" + }, + { + "name": "VU#440112", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/440112" + }, + { + "name": "25313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25313" + }, + { + "name": "24040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24040" + }, + { + "name": "ADV-2007-1868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1868" + }, + { + "name": "leadtools-jpeg2000-bo(34367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34367" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3614.json b/2007/3xxx/CVE-2007-3614.json index df41d1a0d6f..4e5eb724028 100644 --- a/2007/3xxx/CVE-2007-3614.json +++ b/2007/3xxx/CVE-2007-3614.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to \"numerous other fields.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070705 SAP DB Web Server Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472891/100/0/threaded" - }, - { - "name" : "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/" - }, - { - "name" : "VU#679041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/679041" - }, - { - "name" : "24773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24773" - }, - { - "name" : "ADV-2007-2453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2453" - }, - { - "name" : "37838", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37838" - }, - { - "name" : "1018341", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018341" - }, - { - "name" : "25954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25954" - }, - { - "name" : "2867", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2867" - }, - { - "name" : "sapdb-wahttp-bo(35277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to \"numerous other fields.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-sap-db-web-server-stack-overflow/" + }, + { + "name": "1018341", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018341" + }, + { + "name": "sapdb-wahttp-bo(35277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35277" + }, + { + "name": "24773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24773" + }, + { + "name": "37838", + "refsource": "OSVDB", + "url": "http://osvdb.org/37838" + }, + { + "name": "20070705 SAP DB Web Server Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472891/100/0/threaded" + }, + { + "name": "2867", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2867" + }, + { + "name": "VU#679041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/679041" + }, + { + "name": "ADV-2007-2453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2453" + }, + { + "name": "25954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25954" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3795.json b/2007/3xxx/CVE-2007-3795.json index 4ed3fd91416..683dd3440fd 100644 --- a/2007/3xxx/CVE-2007-3795.json +++ b/2007/3xxx/CVE-2007-3795.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-020_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-020_e/index-e.html" - }, - { - "name" : "24907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24907" - }, - { - "name" : "ADV-2007-2536", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2536" - }, - { - "name" : "37850", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37850" - }, - { - "name" : "26045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26045" - }, - { - "name" : "hitachi-tp1serverbase-dos(35398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24907" + }, + { + "name": "ADV-2007-2536", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2536" + }, + { + "name": "37850", + "refsource": "OSVDB", + "url": "http://osvdb.org/37850" + }, + { + "name": "hitachi-tp1serverbase-dos(35398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35398" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-020_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-020_e/index-e.html" + }, + { + "name": "26045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26045" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4632.json b/2007/4xxx/CVE-2007-4632.json index 6a3844a4866..33047ab75cc 100644 --- a/2007/4xxx/CVE-2007-4632.json +++ b/2007/4xxx/CVE-2007-4632.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2E, 12.2F, and 12.2S places a \"no login\" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070829 VTY Authentication Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a00808ae4ca.html" - }, - { - "name" : "25482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25482" - }, - { - "name" : "oval:org.mitre.oval:def:5866", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2E, 12.2F, and 12.2S places a \"no login\" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25482" + }, + { + "name": "20070829 VTY Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808ae4ca.html" + }, + { + "name": "oval:org.mitre.oval:def:5866", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5866" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4759.json b/2007/4xxx/CVE-2007-4759.json index 46c2e36bc41..d3980918924 100644 --- a/2007/4xxx/CVE-2007-4759.json +++ b/2007/4xxx/CVE-2007-4759.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html" - }, - { - "name" : "ADV-2007-3034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3034" - }, - { - "name" : "37858", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37858" - }, - { - "name" : "26538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37858", + "refsource": "OSVDB", + "url": "http://osvdb.org/37858" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html" + }, + { + "name": "26538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26538" + }, + { + "name": "ADV-2007-3034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3034" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6091.json b/2007/6xxx/CVE-2007-6091.json index 199bbf8d586..aa8f22d68e1 100644 --- a/2007/6xxx/CVE-2007-6091.json +++ b/2007/6xxx/CVE-2007-6091.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071117 JiRo´s Upload Manager SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483859/100/0/threaded" - }, - { - "name" : "26479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26479" - }, - { - "name" : "38740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38740" - }, - { - "name" : "38741", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38741" - }, - { - "name" : "27713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27713" - }, - { - "name" : "3384", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3384", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3384" + }, + { + "name": "26479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26479" + }, + { + "name": "20071117 JiRo´s Upload Manager SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483859/100/0/threaded" + }, + { + "name": "38740", + "refsource": "OSVDB", + "url": "http://osvdb.org/38740" + }, + { + "name": "38741", + "refsource": "OSVDB", + "url": "http://osvdb.org/38741" + }, + { + "name": "27713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27713" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6373.json b/2007/6xxx/CVE-2007-6373.json index 0e45f795081..aaf65089c33 100644 --- a/2007/6xxx/CVE-2007-6373.json +++ b/2007/6xxx/CVE-2007-6373.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071209 SQL injection - GestDownV1.00Beta", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119730791316604&w=2" - }, - { - "name" : "26799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26799" - }, - { - "name" : "gestdown-multiple-scripts-sql-injection(38945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gestdown-multiple-scripts-sql-injection(38945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38945" + }, + { + "name": "20071209 SQL injection - GestDownV1.00Beta", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119730791316604&w=2" + }, + { + "name": "26799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26799" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1474.json b/2010/1xxx/CVE-2010-1474.json index 11b51591faa..ecce4bd74ff 100644 --- a/2010/1xxx/CVE-2010-1474.json +++ b/2010/1xxx/CVE-2010-1474.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlasweetykeeper-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlasweetykeeper-lfi.txt" - }, - { - "name" : "12182", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12182" - }, - { - "name" : "39399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39399" - }, - { - "name" : "39388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39388" - }, - { - "name" : "comsweetykeeper-controller-file-include(57662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39399" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlasweetykeeper-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlasweetykeeper-lfi.txt" + }, + { + "name": "comsweetykeeper-controller-file-include(57662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57662" + }, + { + "name": "12182", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12182" + }, + { + "name": "39388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39388" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1510.json b/2010/1xxx/CVE-2010-1510.json index 47f50ed127c..b439926051d 100644 --- a/2010/1xxx/CVE-2010-1510.json +++ b/2010/1xxx/CVE-2010-1510.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511275/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-42", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-42" - }, - { - "name" : "http://irfanview.com/main_history.htm", - "refsource" : "CONFIRM", - "url" : "http://irfanview.com/main_history.htm" - }, - { - "name" : "40105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40105" - }, - { - "name" : "64628", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64628" - }, - { - "name" : "oval:org.mitre.oval:def:7397", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7397" - }, - { - "name" : "39036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39036" - }, - { - "name" : "irfanview-rle-psd-bo(58549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40105" + }, + { + "name": "39036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39036" + }, + { + "name": "64628", + "refsource": "OSVDB", + "url": "http://osvdb.org/64628" + }, + { + "name": "irfanview-rle-psd-bo(58549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58549" + }, + { + "name": "20100512 Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511275/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2010-42", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-42" + }, + { + "name": "oval:org.mitre.oval:def:7397", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7397" + }, + { + "name": "http://irfanview.com/main_history.htm", + "refsource": "CONFIRM", + "url": "http://irfanview.com/main_history.htm" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1582.json b/2010/1xxx/CVE-2010-1582.json index fcbd10c0443..709a66c2e18 100644 --- a/2010/1xxx/CVE-2010-1582.json +++ b/2010/1xxx/CVE-2010-1582.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1583.json b/2010/1xxx/CVE-2010-1583.json index 7a9dfbfc678..b3c9c1377a5 100644 --- a/2010/1xxx/CVE-2010-1583.json +++ b/2010/1xxx/CVE-2010-1583.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12452", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12452" - }, - { - "name" : "http://www.madirish.net/?article=456", - "refsource" : "MISC", - "url" : "http://www.madirish.net/?article=456" - }, - { - "name" : "http://www.taskfreak.com/versions.html", - "refsource" : "MISC", - "url" : "http://www.taskfreak.com/versions.html" - }, - { - "name" : "39793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39793" - }, - { - "name" : "taskfreak-loadbykey-sql-injection(58241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "taskfreak-loadbykey-sql-injection(58241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58241" + }, + { + "name": "39793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39793" + }, + { + "name": "12452", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12452" + }, + { + "name": "http://www.madirish.net/?article=456", + "refsource": "MISC", + "url": "http://www.madirish.net/?article=456" + }, + { + "name": "http://www.taskfreak.com/versions.html", + "refsource": "MISC", + "url": "http://www.taskfreak.com/versions.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0256.json b/2014/0xxx/CVE-2014-0256.json index 8e7b897483e..21be6bbcdca 100644 --- a/2014/0xxx/CVE-2014-0256.json +++ b/2014/0xxx/CVE-2014-0256.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka \"iSCSI Target Remote Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-028", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka \"iSCSI Target Remote Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-028", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-028" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0509.json b/2014/0xxx/CVE-2014-0509.json index 0651885a979..702e383766d 100644 --- a/2014/0xxx/CVE-2014-0509.json +++ b/2014/0xxx/CVE-2014-0509.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-09.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" - }, - { - "name" : "GLSA-201405-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml" - }, - { - "name" : "RHSA-2014:0380", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0380.html" - }, - { - "name" : "SUSE-SU-2014:0535", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html" - }, - { - "name" : "openSUSE-SU-2014:0520", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html" - }, - { - "name" : "openSUSE-SU-2014:0549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html" - }, - { - "name" : "66703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66703" - }, - { - "name" : "1030035", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-09.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" + }, + { + "name": "66703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66703" + }, + { + "name": "SUSE-SU-2014:0535", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html" + }, + { + "name": "GLSA-201405-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml" + }, + { + "name": "openSUSE-SU-2014:0520", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html" + }, + { + "name": "RHSA-2014:0380", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0380.html" + }, + { + "name": "openSUSE-SU-2014:0549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html" + }, + { + "name": "1030035", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030035" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0522.json b/2014/0xxx/CVE-2014-0522.json index 75b74a7051f..f2a29b4fc24 100644 --- a/2014/0xxx/CVE-2014-0522.json +++ b/2014/0xxx/CVE-2014-0522.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-15.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-15.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1356.json b/2014/1xxx/CVE-2014-1356.json index 4a22515395a..899a5c75950 100644 --- a/2014/1xxx/CVE-2014-1356.json +++ b/2014/1xxx/CVE-2014-1356.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6296", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6296" - }, - { - "name" : "APPLE-SA-2014-06-30-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "1030500", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030500" - }, - { - "name" : "59475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6296", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6296" + }, + { + "name": "APPLE-SA-2014-06-30-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "59475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59475" + }, + { + "name": "1030500", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030500" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1466.json b/2014/1xxx/CVE-2014-1466.json index 32ef2912900..b0f5f584fdd 100644 --- a/2014/1xxx/CVE-2014-1466.json +++ b/2014/1xxx/CVE-2014-1466.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124724/cspmysql-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124724/cspmysql-sql.txt" - }, - { - "name" : "64731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64731" - }, - { - "name" : "101867", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101867" - }, - { - "name" : "56348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56348" - }, - { - "name" : "cpsmysql-login-sql-injection(90210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101867", + "refsource": "OSVDB", + "url": "http://osvdb.org/101867" + }, + { + "name": "http://packetstormsecurity.com/files/124724/cspmysql-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124724/cspmysql-sql.txt" + }, + { + "name": "64731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64731" + }, + { + "name": "56348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56348" + }, + { + "name": "cpsmysql-login-sql-injection(90210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90210" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5503.json b/2014/5xxx/CVE-2014-5503.json index 84caaeb1f33..8f3cf2a0f50 100644 --- a/2014/5xxx/CVE-2014-5503.json +++ b/2014/5xxx/CVE-2014-5503.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-329/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-329/" - }, - { - "name" : "http://kb.cyberoam.com/default.asp?id=3049", - "refsource" : "CONFIRM", - "url" : "http://kb.cyberoam.com/default.asp?id=3049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.cyberoam.com/default.asp?id=3049", + "refsource": "CONFIRM", + "url": "http://kb.cyberoam.com/default.asp?id=3049" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-329/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-329/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2753.json b/2015/2xxx/CVE-2015-2753.json index 9e308215d6a..a931cec6341 100644 --- a/2015/2xxx/CVE-2015-2753.json +++ b/2015/2xxx/CVE-2015-2753.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150324 CVE Request: Multiple vulnerabilities in freexl 1.0.0g", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/25/1" - }, - { - "name" : "[oss-security] 20150327 Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/27/1" - }, - { - "name" : "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1", - "refsource" : "CONFIRM", - "url" : "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1" - }, - { - "name" : "DSA-3208", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3208" - }, - { - "name" : "GLSA-201606-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-15" - }, - { - "name" : "73330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201606-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-15" + }, + { + "name": "DSA-3208", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3208" + }, + { + "name": "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1", + "refsource": "CONFIRM", + "url": "https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1" + }, + { + "name": "[oss-security] 20150324 CVE Request: Multiple vulnerabilities in freexl 1.0.0g", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/25/1" + }, + { + "name": "73330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73330" + }, + { + "name": "[oss-security] 20150327 Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/27/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2796.json b/2015/2xxx/CVE-2015-2796.json index 3a97e8178e8..96121c0e579 100644 --- a/2015/2xxx/CVE-2015-2796.json +++ b/2015/2xxx/CVE-2015-2796.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435", - "refsource" : "CONFIRM", - "url" : "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435" - }, - { - "name" : "https://github.com/Project-Pier/ProjectPier-Core/issues/37", - "refsource" : "CONFIRM", - "url" : "https://github.com/Project-Pier/ProjectPier-Core/issues/37" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435", + "refsource": "CONFIRM", + "url": "https://github.com/Project-Pier/ProjectPier-Core/commit/74ecbd4e939a65ba643a4af05fbdb1bb66992435" + }, + { + "name": "https://github.com/Project-Pier/ProjectPier-Core/issues/37", + "refsource": "CONFIRM", + "url": "https://github.com/Project-Pier/ProjectPier-Core/issues/37" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2871.json b/2015/2xxx/CVE-2015-2871.json index b79cc2ac340..61cf03ca6bf 100644 --- a/2015/2xxx/CVE-2015-2871.json +++ b/2015/2xxx/CVE-2015-2871.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#360431", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/360431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#360431", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/360431" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6542.json b/2015/6xxx/CVE-2015-6542.json index 89c2bbecefb..17b95768026 100644 --- a/2015/6xxx/CVE-2015-6542.json +++ b/2015/6xxx/CVE-2015-6542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6542", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3403. Reason: This candidate is a reservation duplicate of CVE-2016-3403. Notes: All CVE users should reference CVE-2016-3403 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6542", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3403. Reason: This candidate is a reservation duplicate of CVE-2016-3403. Notes: All CVE users should reference CVE-2016-3403 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10006.json b/2016/10xxx/CVE-2016-10006.json index 66b901012a8..c12772c7433 100644 --- a/2016/10xxx/CVE-2016-10006.json +++ b/2016/10xxx/CVE-2016-10006.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nahsra/antisamy/issues/2", - "refsource" : "CONFIRM", - "url" : "https://github.com/nahsra/antisamy/issues/2" - }, - { - "name" : "95101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95101" - }, - { - "name" : "1037532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037532" + }, + { + "name": "https://github.com/nahsra/antisamy/issues/2", + "refsource": "CONFIRM", + "url": "https://github.com/nahsra/antisamy/issues/2" + }, + { + "name": "95101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95101" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10239.json b/2016/10xxx/CVE-2016-10239.json index 413a979dc1d..d45aff7cb51 100644 --- a/2016/10xxx/CVE-2016-10239.json +++ b/2016/10xxx/CVE-2016-10239.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm Products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Multiple Vulnerabilities in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm Products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97334" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple Vulnerabilities in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97334" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10707.json b/2016/10xxx/CVE-2016-10707.json index 37170ea7a41..50ca96db591 100644 --- a/2016/10xxx/CVE-2016-10707.json +++ b/2016/10xxx/CVE-2016-10707.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jquery/jquery/issues/3133", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/issues/3133" - }, - { - "name" : "https://github.com/jquery/jquery/pull/3134", - "refsource" : "MISC", - "url" : "https://github.com/jquery/jquery/pull/3134" - }, - { - "name" : "https://snyk.io/vuln/npm:jquery:20160529", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/npm:jquery:20160529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jquery/jquery/issues/3133", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/issues/3133" + }, + { + "name": "https://snyk.io/vuln/npm:jquery:20160529", + "refsource": "MISC", + "url": "https://snyk.io/vuln/npm:jquery:20160529" + }, + { + "name": "https://github.com/jquery/jquery/pull/3134", + "refsource": "MISC", + "url": "https://github.com/jquery/jquery/pull/3134" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4045.json b/2016/4xxx/CVE-2016-4045.json index 84301e83c98..efaba7f0603 100644 --- a/2016/4xxx/CVE-2016-4045.json +++ b/2016/4xxx/CVE-2016-4045.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160622 Open-Xchange Security Advisory 2016-06-22", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538732/100/0/threaded" - }, - { - "name" : "1036157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036157" + }, + { + "name": "20160622 Open-Xchange Security Advisory 2016-06-22", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4122.json b/2016/4xxx/CVE-2016-4122.json index ccd4e46da7c..ec5e54b3d3d 100644 --- a/2016/4xxx/CVE-2016-4122.json +++ b/2016/4xxx/CVE-2016-4122.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" - }, - { - "name" : "MS16-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" - }, - { - "name" : "RHSA-2016:1238", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1238" - }, - { - "name" : "SUSE-SU-2016:1613", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1621", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" - }, - { - "name" : "1036117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036117" + }, + { + "name": "MS16-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" + }, + { + "name": "openSUSE-SU-2016:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" + }, + { + "name": "RHSA-2016:1238", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1238" + }, + { + "name": "openSUSE-SU-2016:1621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" + }, + { + "name": "SUSE-SU-2016:1613", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4314.json b/2016/4xxx/CVE-2016-4314.json index 59e0d1def82..34e3ac963a9 100644 --- a/2016/4xxx/CVE-2016-4314.json +++ b/2016/4xxx/CVE-2016-4314.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-4314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160813 WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539200/100/0/threaded" - }, - { - "name" : "40240", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40240/" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html" - }, - { - "name" : "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098", - "refsource" : "CONFIRM", - "url" : "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098" - }, - { - "name" : "92473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html" + }, + { + "name": "92473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92473" + }, + { + "name": "40240", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40240/" + }, + { + "name": "20160813 WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539200/100/0/threaded" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt" + }, + { + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098", + "refsource": "CONFIRM", + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4613.json b/2016/4xxx/CVE-2016-4613.json index 3a068e46cba..170d7a978da 100644 --- a/2016/4xxx/CVE-2016-4613.json +++ b/2016/4xxx/CVE-2016-4613.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207270", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207270" - }, - { - "name" : "https://support.apple.com/HT207272", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207272" - }, - { - "name" : "https://support.apple.com/HT207273", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207273" - }, - { - "name" : "https://support.apple.com/HT207274", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207274" - }, - { - "name" : "93949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93949" - }, - { - "name" : "1037139", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93949" + }, + { + "name": "https://support.apple.com/HT207273", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207273" + }, + { + "name": "https://support.apple.com/HT207270", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207270" + }, + { + "name": "https://support.apple.com/HT207274", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207274" + }, + { + "name": "1037139", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037139" + }, + { + "name": "https://support.apple.com/HT207272", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207272" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4658.json b/2016/4xxx/CVE-2016-4658.json index 6600d564083..3f65130722e 100644 --- a/2016/4xxx/CVE-2016-4658.json +++ b/2016/4xxx/CVE-2016-4658.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b" - }, - { - "name" : "https://support.apple.com/HT207141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207141" - }, - { - "name" : "https://support.apple.com/HT207142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207142" - }, - { - "name" : "https://support.apple.com/HT207143", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207143" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2016-09-20-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" - }, - { - "name" : "APPLE-SA-2016-09-20-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" - }, - { - "name" : "APPLE-SA-2016-09-20-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" - }, - { - "name" : "GLSA-201701-37", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-37" - }, - { - "name" : "93054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93054" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207141" + }, + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "APPLE-SA-2016-09-20-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" + }, + { + "name": "APPLE-SA-2016-09-20-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" + }, + { + "name": "APPLE-SA-2016-09-20-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" + }, + { + "name": "93054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93054" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + }, + { + "name": "GLSA-201701-37", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-37" + }, + { + "name": "https://support.apple.com/HT207142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207142" + }, + { + "name": "https://support.apple.com/HT207143", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207143" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4975.json b/2016/4xxx/CVE-2016-4975.json index 14e20b32765..af39f00abfb 100644 --- a/2016/4xxx/CVE-2016-4975.json +++ b/2016/4xxx/CVE-2016-4975.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-08-14", - "ID" : "CVE-2016-4975", - "STATE" : "PUBLIC", - "TITLE" : "mod_userdir CRLF injection" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)" - }, - { - "version_value" : "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "The issue was discovered by Sergey Bobrov" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)." - } - ] - }, - "impact" : [ - { - "lang" : "eng", - "url" : "https://httpd.apache.org/security/impact_levels.html#moderate", - "value" : "moderate" - } - ], - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "(undefined)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-08-14", + "ID": "CVE-2016-4975", + "STATE": "PUBLIC", + "TITLE": "mod_userdir CRLF injection" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)" + }, + { + "version_value": "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" - }, - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180926-0006/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180926-0006/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" - }, - { - "name" : "105093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105093" - } - ] - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "The issue was discovered by Sergey Bobrov" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)." + } + ] + }, + "impact": [ + { + "lang": "eng", + "url": "https://httpd.apache.org/security/impact_levels.html#moderate", + "value": "moderate" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "(undefined)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180926-0006/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" + }, + { + "name": "105093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105093" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8613.json b/2016/8xxx/CVE-2016-8613.json index bded7ab3764..f7706dcfeb3 100644 --- a/2016/8xxx/CVE-2016-8613.json +++ b/2016/8xxx/CVE-2016-8613.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "foreman", - "version" : { - "version_data" : [ - { - "version_value" : "1.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "The Foreman Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "foreman", + "version": { + "version_data": [ + { + "version_value": "1.5.1" + } + ] + } + } + ] + }, + "vendor_name": "The Foreman Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613" - }, - { - "name" : "https://github.com/theforeman/foreman_remote_execution/pull/208", - "refsource" : "CONFIRM", - "url" : "https://github.com/theforeman/foreman_remote_execution/pull/208" - }, - { - "name" : "https://projects.theforeman.org/issues/17066/", - "refsource" : "CONFIRM", - "url" : "https://projects.theforeman.org/issues/17066/" - }, - { - "name" : "93859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://projects.theforeman.org/issues/17066/", + "refsource": "CONFIRM", + "url": "https://projects.theforeman.org/issues/17066/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613" + }, + { + "name": "93859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93859" + }, + { + "name": "https://github.com/theforeman/foreman_remote_execution/pull/208", + "refsource": "CONFIRM", + "url": "https://github.com/theforeman/foreman_remote_execution/pull/208" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8782.json b/2016/8xxx/CVE-2016-8782.json index cccff9a76f7..3b1267ab130 100644 --- a/2016/8xxx/CVE-2016-8782.json +++ b/2016/8xxx/CVE-2016-8782.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CloudEngine 12800", - "version" : { - "version_data" : [ - { - "version_value" : "CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800", + "version": { + "version_data": [ + { + "version_value": "CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en" - }, - { - "name" : "94941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en" + }, + { + "name": "94941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94941" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8958.json b/2016/8xxx/CVE-2016-8958.json index 2c48df18fcc..cca717564bf 100644 --- a/2016/8xxx/CVE-2016-8958.json +++ b/2016/8xxx/CVE-2016-8958.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8958", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8958", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9395.json b/2016/9xxx/CVE-2016-9395.json index 2f0cbe35d18..7a307261074 100644 --- a/2016/9xxx/CVE-2016-9395.json +++ b/2016/9xxx/CVE-2016-9395.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161117 Re: jasper: multiple assertion failures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/17/1" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396977", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396977" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a" - }, - { - "name" : "SUSE-SU-2017:0084", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html" - }, - { - "name" : "openSUSE-SU-2017:0101", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html" - }, - { - "name" : "94376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1396977", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396977" + }, + { + "name": "SUSE-SU-2017:0084", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html" + }, + { + "name": "94376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94376" + }, + { + "name": "[oss-security] 20161117 Re: jasper: multiple assertion failures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/17/1" + }, + { + "name": "openSUSE-SU-2017:0101", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00009.html" + }, + { + "name": "https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9429.json b/2016/9xxx/CVE-2016-9429.json index 1ef43434868..7cbd269546f 100644 --- a/2016/9xxx/CVE-2016-9429.json +++ b/2016/9xxx/CVE-2016-9429.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/tats/w3m/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/tats/w3m/issues/29", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/29" - }, - { - "name" : "GLSA-201701-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-08" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-08" + }, + { + "name": "https://github.com/tats/w3m/issues/29", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/29" + }, + { + "name": "https://github.com/tats/w3m/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/blob/master/ChangeLog" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9538.json b/2016/9xxx/CVE-2016-9538.json index 33680f9e396..50d8b4274f0 100644 --- a/2016/9xxx/CVE-2016-9538.json +++ b/2016/9xxx/CVE-2016-9538.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "94484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94484" - }, - { - "name" : "94753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94753" + }, + { + "name": "94484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94484" + }, + { + "name": "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9712.json b/2016/9xxx/CVE-2016-9712.json index 3d8fa6b7038..43606d424f7 100644 --- a/2016/9xxx/CVE-2016-9712.json +++ b/2016/9xxx/CVE-2016-9712.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2023.json b/2019/2xxx/CVE-2019-2023.json index 1c9c0856b75..587a33dd816 100644 --- a/2019/2xxx/CVE-2019-2023.json +++ b/2019/2xxx/CVE-2019-2023.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2023", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2023", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2287.json b/2019/2xxx/CVE-2019-2287.json index d7396f4ee7c..f6ac3254212 100644 --- a/2019/2xxx/CVE-2019-2287.json +++ b/2019/2xxx/CVE-2019-2287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2433.json b/2019/2xxx/CVE-2019-2433.json index a0ecc715e6a..83afa7362cd 100644 --- a/2019/2xxx/CVE-2019-2433.json +++ b/2019/2xxx/CVE-2019-2433.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - }, - { - "version_affected" : "=", - "version_value" : "8.57" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + }, + { + "version_affected": "=", + "version_value": "8.57" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106586" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2719.json b/2019/2xxx/CVE-2019-2719.json index 65251bd70fd..3b8985bf243 100644 --- a/2019/2xxx/CVE-2019-2719.json +++ b/2019/2xxx/CVE-2019-2719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2719", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2719", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2733.json b/2019/2xxx/CVE-2019-2733.json index 081ca1030f2..d6a393ba80e 100644 --- a/2019/2xxx/CVE-2019-2733.json +++ b/2019/2xxx/CVE-2019-2733.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2733", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2733", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3005.json b/2019/3xxx/CVE-2019-3005.json index 0442c33230d..a879a574d02 100644 --- a/2019/3xxx/CVE-2019-3005.json +++ b/2019/3xxx/CVE-2019-3005.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3005", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3005", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3624.json b/2019/3xxx/CVE-2019-3624.json index 81bc22d3f76..699d4b0dffd 100644 --- a/2019/3xxx/CVE-2019-3624.json +++ b/2019/3xxx/CVE-2019-3624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3760.json b/2019/3xxx/CVE-2019-3760.json index 78a46ca68ad..eb8bfba722f 100644 --- a/2019/3xxx/CVE-2019-3760.json +++ b/2019/3xxx/CVE-2019-3760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3760", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3760", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6194.json b/2019/6xxx/CVE-2019-6194.json index 8de876660af..281ba8be10d 100644 --- a/2019/6xxx/CVE-2019-6194.json +++ b/2019/6xxx/CVE-2019-6194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6446.json b/2019/6xxx/CVE-2019-6446.json index f78d0d3e71b..af50ae8188d 100644 --- a/2019/6xxx/CVE-2019-6446.json +++ b/2019/6xxx/CVE-2019-6446.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1122208", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1122208" - }, - { - "name" : "https://github.com/numpy/numpy/issues/12759", - "refsource" : "MISC", - "url" : "https://github.com/numpy/numpy/issues/12759" - }, - { - "name" : "106670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1122208", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208" + }, + { + "name": "106670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106670" + }, + { + "name": "https://github.com/numpy/numpy/issues/12759", + "refsource": "MISC", + "url": "https://github.com/numpy/numpy/issues/12759" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6794.json b/2019/6xxx/CVE-2019-6794.json index ad2126b0997..bbb536976e5 100644 --- a/2019/6xxx/CVE-2019-6794.json +++ b/2019/6xxx/CVE-2019-6794.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6794", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6794", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6814.json b/2019/6xxx/CVE-2019-6814.json index 12ebb9be19c..17b11c0779d 100644 --- a/2019/6xxx/CVE-2019-6814.json +++ b/2019/6xxx/CVE-2019-6814.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6814", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6814", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7010.json b/2019/7xxx/CVE-2019-7010.json index 96d64bb6b02..e412ed6b6bb 100644 --- a/2019/7xxx/CVE-2019-7010.json +++ b/2019/7xxx/CVE-2019-7010.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7010", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7010", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7057.json b/2019/7xxx/CVE-2019-7057.json index 0bf8f7cfd70..e0d5e436387 100644 --- a/2019/7xxx/CVE-2019-7057.json +++ b/2019/7xxx/CVE-2019-7057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7690.json b/2019/7xxx/CVE-2019-7690.json index 3fc27c934c3..9ce033e4ac1 100644 --- a/2019/7xxx/CVE-2019-7690.json +++ b/2019/7xxx/CVE-2019-7690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file