diff --git a/2007/2xxx/CVE-2007-2264.json b/2007/2xxx/CVE-2007-2264.json index 9d4dc6e8644..338d50883a3 100644 --- a/2007/2xxx/CVE-2007-2264.json +++ b/2007/2xxx/CVE-2007-2264.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071031 ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483113/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html" - }, - { - "name" : "http://service.real.com/realplayer/security/10252007_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/10252007_player/en/" - }, - { - "name" : "20071030 RealPlayer Updates of October 25, 2007", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-October/001841.html" - }, - { - "name" : "26214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26214" - }, - { - "name" : "oval:org.mitre.oval:def:9100", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100" - }, - { - "name" : "ADV-2007-3628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3628" - }, - { - "name" : "1018866", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018866" - }, - { - "name" : "27361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27361" - }, - { - "name" : "realplayer-ram-bo(37437)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/10252007_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/10252007_player/en/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-063.html" + }, + { + "name": "1018866", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018866" + }, + { + "name": "realplayer-ram-bo(37437)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37437" + }, + { + "name": "20071031 ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483113/100/0/threaded" + }, + { + "name": "20071030 RealPlayer Updates of October 25, 2007", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-October/001841.html" + }, + { + "name": "ADV-2007-3628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3628" + }, + { + "name": "oval:org.mitre.oval:def:9100", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9100" + }, + { + "name": "27361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27361" + }, + { + "name": "26214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26214" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2476.json b/2007/2xxx/CVE-2007-2476.json index 205b823991f..32e2f5212cf 100644 --- a/2007/2xxx/CVE-2007-2476.json +++ b/2007/2xxx/CVE-2007-2476.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html" - }, - { - "name" : "23547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23547" - }, - { - "name" : "ADV-2007-1436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1436" - }, - { - "name" : "35775", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35775" - }, - { - "name" : "1018006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018006" - }, - { - "name" : "25160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018006" + }, + { + "name": "23547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23547" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5003822.html" + }, + { + "name": "ADV-2007-1436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1436" + }, + { + "name": "35775", + "refsource": "OSVDB", + "url": "http://osvdb.org/35775" + }, + { + "name": "25160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25160" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2729.json b/2007/2xxx/CVE-2007-2729.json index 0f1e2ba779b..4d5f52ee965 100644 --- a/2007/2xxx/CVE-2007-2729.json +++ b/2007/2xxx/CVE-2007-2729.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070515 Bypassing PFW/HIPS open process control with uncommon identifier", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468643/100/0/threaded" - }, - { - "name" : "http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php" - }, - { - "name" : "37375", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37375" - }, - { - "name" : "2714", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2714", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2714" + }, + { + "name": "20070515 Bypassing PFW/HIPS open process control with uncommon identifier", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468643/100/0/threaded" + }, + { + "name": "http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php" + }, + { + "name": "37375", + "refsource": "OSVDB", + "url": "http://osvdb.org/37375" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2838.json b/2007/2xxx/CVE-2007-2838.json index b906f532fe8..fca940666e7 100644 --- a/2007/2xxx/CVE-2007-2838.json +++ b/2007/2xxx/CVE-2007-2838.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1327", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1327" - }, - { - "name" : "24717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24717" - }, - { - "name" : "37795", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37795" - }, - { - "name" : "25909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25909" - }, - { - "name" : "25914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25914" - }, - { - "name" : "gsambad-populateconns-symlink(35401)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25909" + }, + { + "name": "24717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24717" + }, + { + "name": "DSA-1327", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1327" + }, + { + "name": "25914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25914" + }, + { + "name": "37795", + "refsource": "OSVDB", + "url": "http://osvdb.org/37795" + }, + { + "name": "gsambad-populateconns-symlink(35401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35401" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3404.json b/2007/3xxx/CVE-2007-3404.json index 48a9e71d3e0..90e1d7652a6 100644 --- a/2007/3xxx/CVE-2007-3404.json +++ b/2007/3xxx/CVE-2007-3404.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4105", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4105" - }, - { - "name" : "24635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24635" - }, - { - "name" : "ADV-2007-2325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2325" - }, - { - "name" : "38603", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38603" - }, - { - "name" : "sitedepth-showimage-file-include(35055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4105", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4105" + }, + { + "name": "sitedepth-showimage-file-include(35055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35055" + }, + { + "name": "38603", + "refsource": "OSVDB", + "url": "http://osvdb.org/38603" + }, + { + "name": "ADV-2007-2325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2325" + }, + { + "name": "24635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24635" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3478.json b/2007/3xxx/CVE-2007-3478.json index b9bb1a6cb5d..f4a2e0262db 100644 --- a/2007/3xxx/CVE-2007-3478.json +++ b/2007/3xxx/CVE-2007-3478.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070907 FLEA-2007-0052-1 gd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478796/100/0/threaded" - }, - { - "name" : "http://bugs.php.net/bug.php?id=40578", - "refsource" : "MISC", - "url" : "http://bugs.php.net/bug.php?id=40578" - }, - { - "name" : "http://www.libgd.org/ReleaseNote020035", - "refsource" : "MISC", - "url" : "http://www.libgd.org/ReleaseNote020035" - }, - { - "name" : "http://bugs.libgd.org/?do=details&task_id=48", - "refsource" : "CONFIRM", - "url" : "http://bugs.libgd.org/?do=details&task_id=48" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1643", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1643" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421" - }, - { - "name" : "FEDORA-2007-2055", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2007-205.shtml" - }, - { - "name" : "FEDORA-2007-692", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html" - }, - { - "name" : "FEDORA-2010-19022", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html" - }, - { - "name" : "FEDORA-2010-19033", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html" - }, - { - "name" : "GLSA-200708-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200708-05.xml" - }, - { - "name" : "GLSA-200711-34", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml" - }, - { - "name" : "GLSA-200805-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml" - }, - { - "name" : "MDKSA-2007:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153" - }, - { - "name" : "MDKSA-2007:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "2007-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0024/" - }, - { - "name" : "42813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42813" - }, - { - "name" : "ADV-2007-2336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2336" - }, - { - "name" : "37740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37740" - }, - { - "name" : "25855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25855" - }, - { - "name" : "26272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26272" - }, - { - "name" : "26390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26390" - }, - { - "name" : "26415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26415" - }, - { - "name" : "26467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26467" - }, - { - "name" : "26663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26663" - }, - { - "name" : "26766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26766" - }, - { - "name" : "26856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26856" - }, - { - "name" : "30168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30168" - }, - { - "name" : "ADV-2011-0022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2007-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0024/" + }, + { + "name": "MDKSA-2007:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" + }, + { + "name": "http://bugs.libgd.org/?do=details&task_id=48", + "refsource": "CONFIRM", + "url": "http://bugs.libgd.org/?do=details&task_id=48" + }, + { + "name": "http://www.libgd.org/ReleaseNote020035", + "refsource": "MISC", + "url": "http://www.libgd.org/ReleaseNote020035" + }, + { + "name": "26415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26415" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1643", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1643" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421" + }, + { + "name": "25855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25855" + }, + { + "name": "GLSA-200805-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml" + }, + { + "name": "20070907 FLEA-2007-0052-1 gd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded" + }, + { + "name": "26467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26467" + }, + { + "name": "42813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42813" + }, + { + "name": "GLSA-200708-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200708-05.xml" + }, + { + "name": "30168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30168" + }, + { + "name": "FEDORA-2007-692", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html" + }, + { + "name": "ADV-2011-0022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0022" + }, + { + "name": "ADV-2007-2336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2336" + }, + { + "name": "26663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26663" + }, + { + "name": "FEDORA-2010-19033", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html" + }, + { + "name": "26856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26856" + }, + { + "name": "26272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26272" + }, + { + "name": "GLSA-200711-34", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml" + }, + { + "name": "37740", + "refsource": "OSVDB", + "url": "http://osvdb.org/37740" + }, + { + "name": "FEDORA-2010-19022", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html" + }, + { + "name": "MDKSA-2007:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153" + }, + { + "name": "26766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26766" + }, + { + "name": "26390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26390" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "http://bugs.php.net/bug.php?id=40578", + "refsource": "MISC", + "url": "http://bugs.php.net/bug.php?id=40578" + }, + { + "name": "FEDORA-2007-2055", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4535.json b/2007/4xxx/CVE-2007-4535.json index 54773dd5aeb..f73c09c030e 100644 --- a/2007/4xxx/CVE-2007-4535.json +++ b/2007/4xxx/CVE-2007-4535.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/vaboom2-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/vaboom2-adv.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=256621", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=256621" - }, - { - "name" : "FEDORA-2007-1977", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html" - }, - { - "name" : "25436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25436" - }, - { - "name" : "26554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26554" - }, - { - "name" : "26701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26701" - }, - { - "name" : "3057", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26701" + }, + { + "name": "http://aluigi.altervista.org/adv/vaboom2-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/vaboom2-adv.txt" + }, + { + "name": "FEDORA-2007-1977", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html" + }, + { + "name": "3057", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3057" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=256621", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=256621" + }, + { + "name": "26554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26554" + }, + { + "name": "25436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25436" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6236.json b/2007/6xxx/CVE-2007-6236.json index 56bf01c5eaf..0f1382ecc29 100644 --- a/2007/6xxx/CVE-2007-6236.json +++ b/2007/6xxx/CVE-2007-6236.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4682", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4682" - }, - { - "name" : "26648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26648" - }, - { - "name" : "43715", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43715" - }, - { - "name" : "win-mediaplayer-aiff-dos(38797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4682", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4682" + }, + { + "name": "43715", + "refsource": "OSVDB", + "url": "http://osvdb.org/43715" + }, + { + "name": "win-mediaplayer-aiff-dos(38797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38797" + }, + { + "name": "26648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26648" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6711.json b/2007/6xxx/CVE-2007-6711.json index 520d398ac04..99493a308fa 100644 --- a/2007/6xxx/CVE-2007-6711.json +++ b/2007/6xxx/CVE-2007-6711.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.freewebshop.org/?Downloads:Fixes", - "refsource" : "CONFIRM", - "url" : "http://www.freewebshop.org/?Downloads:Fixes" - }, - { - "name" : "http://www.freewebshop.org/?News", - "refsource" : "CONFIRM", - "url" : "http://www.freewebshop.org/?News" - }, - { - "name" : "43804", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43804" - }, - { - "name" : "freewebsiteorg-customer-unauth-access(41439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.freewebshop.org/?News", + "refsource": "CONFIRM", + "url": "http://www.freewebshop.org/?News" + }, + { + "name": "http://www.freewebshop.org/?Downloads:Fixes", + "refsource": "CONFIRM", + "url": "http://www.freewebshop.org/?Downloads:Fixes" + }, + { + "name": "43804", + "refsource": "OSVDB", + "url": "http://osvdb.org/43804" + }, + { + "name": "freewebsiteorg-customer-unauth-access(41439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41439" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1005.json b/2010/1xxx/CVE-2010-1005.json index caed2217244..25e924b7444 100644 --- a/2010/1xxx/CVE-2010-1005.json +++ b/2010/1xxx/CVE-2010-1005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/yatse/0.3.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/yatse/0.3.2/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/yatse/0.3.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/yatse/0.3.2/" + }, + { + "name": "38808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38808" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1483.json b/2010/1xxx/CVE-2010-1483.json index fa11dadc6ee..6d8f7be7358 100644 --- a/2010/1xxx/CVE-2010-1483.json +++ b/2010/1xxx/CVE-2010-1483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1676.json b/2010/1xxx/CVE-2010-1676.json index e316cd61de2..35d135004be 100644 --- a/2010/1xxx/CVE-2010-1676.json +++ b/2010/1xxx/CVE-2010-1676.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20101220 Tor 0.2.1.28 is released (security patches)", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Dec-2010/msg00000.html" - }, - { - "name" : "http://blog.torproject.org/blog/tor-02128-released-security-patches", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-02128-released-security-patches" - }, - { - "name" : "http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog" - }, - { - "name" : "DSA-2136", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2136" - }, - { - "name" : "FEDORA-2010-19147", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html" - }, - { - "name" : "FEDORA-2010-19159", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html" - }, - { - "name" : "GLSA-201101-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-02.xml" - }, - { - "name" : "45500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45500" - }, - { - "name" : "1024910", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024910" - }, - { - "name" : "42536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42536" - }, - { - "name" : "42667", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42667" - }, - { - "name" : "42783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42783" - }, - { - "name" : "42916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42916" - }, - { - "name" : "ADV-2010-3290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3290" - }, - { - "name" : "ADV-2011-0114", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.torproject.org/blog/tor-02128-released-security-patches", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-02128-released-security-patches" + }, + { + "name": "42667", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42667" + }, + { + "name": "http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-02220-alpha-out-security-patches" + }, + { + "name": "1024910", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024910" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog" + }, + { + "name": "ADV-2011-0114", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0114" + }, + { + "name": "[or-announce] 20101220 Tor 0.2.1.28 is released (security patches)", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Dec-2010/msg00000.html" + }, + { + "name": "ADV-2010-3290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3290" + }, + { + "name": "GLSA-201101-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-02.xml" + }, + { + "name": "45500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45500" + }, + { + "name": "42916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42916" + }, + { + "name": "42783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42783" + }, + { + "name": "42536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42536" + }, + { + "name": "FEDORA-2010-19159", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html" + }, + { + "name": "DSA-2136", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2136" + }, + { + "name": "FEDORA-2010-19147", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1862.json b/2010/1xxx/CVE-2010-1862.json index 557d3dcebd8..f1238bae8ca 100644 --- a/2010/1xxx/CVE-2010-1862.json +++ b/2010/1xxx/CVE-2010-1862.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/04/mops-2010-008-php-chunk_split-interruption-information-leak-vulnerability/index.html" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1995.json b/2010/1xxx/CVE-2010-1995.json index 6565cfea9ca..f7e23453f4e 100644 --- a/2010/1xxx/CVE-2010-1995.json +++ b/2010/1xxx/CVE-2010-1995.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with \"Add new article\" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 Secunia Research: TomatoCMS Script Insertion Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511272/100/0/threaded" - }, - { - "name" : "http://holisticinfosec.org/content/view/141/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/141/45/" - }, - { - "name" : "http://secunia.com/secunia_research/2010-59/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-59/" - }, - { - "name" : "40108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40108" - }, - { - "name" : "64550", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64550" - }, - { - "name" : "39320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39320" - }, - { - "name" : "tomatocms-index-title-xss(58471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with \"Add new article\" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100512 Secunia Research: TomatoCMS Script Insertion Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511272/100/0/threaded" + }, + { + "name": "39320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39320" + }, + { + "name": "http://holisticinfosec.org/content/view/141/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/141/45/" + }, + { + "name": "tomatocms-index-title-xss(58471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58471" + }, + { + "name": "http://secunia.com/secunia_research/2010-59/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-59/" + }, + { + "name": "64550", + "refsource": "OSVDB", + "url": "http://osvdb.org/64550" + }, + { + "name": "40108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40108" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5081.json b/2010/5xxx/CVE-2010-5081.json index 6bc0279f607..773ea54749e 100644 --- a/2010/5xxx/CVE-2010-5081.json +++ b/2010/5xxx/CVE-2010-5081.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14373", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14373" - }, - { - "name" : "18113", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18113", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18113" + }, + { + "name": "14373", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14373" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5098.json b/2010/5xxx/CVE-2010-5098.json index 36ceec2a05d..bd7b00a520d 100644 --- a/2010/5xxx/CVE-2010-5098.json +++ b/2010/5xxx/CVE-2010-5098.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/13/2" - }, - { - "name" : "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/11/3" - }, - { - "name" : "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/10/7" - }, - { - "name" : "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/12/5" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/" - }, - { - "name" : "45470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45470" - }, - { - "name" : "70122", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70122" - }, - { - "name" : "35770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35770" - }, - { - "name" : "typo3-form-xss(64179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70122", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70122" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/" + }, + { + "name": "45470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45470" + }, + { + "name": "35770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35770" + }, + { + "name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5" + }, + { + "name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2" + }, + { + "name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3" + }, + { + "name": "typo3-form-xss(64179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64179" + }, + { + "name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0227.json b/2014/0xxx/CVE-2014-0227.json index 4d312af8556..ffbdbfcaf03 100644 --- a/2014/0xxx/CVE-2014-0227.json +++ b/2014/0xxx/CVE-2014-0227.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1600984", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1600984" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109196", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" - }, - { - "name" : "https://source.jboss.org/changelog/JBossWeb?cs=2455", - "refsource" : "CONFIRM", - "url" : "https://source.jboss.org/changelog/JBossWeb?cs=2455" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0081.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0081.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "DSA-3530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3530" - }, - { - "name" : "DSA-3447", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3447" - }, - { - "name" : "FEDORA-2015-2109", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" - }, - { - "name" : "HPSBUX03337", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "HPSBUX03341", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143393515412274&w=2" - }, - { - "name" : "SSRT102066", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "SSRT102068", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143393515412274&w=2" - }, - { - "name" : "MDVSA-2015:052", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" - }, - { - "name" : "MDVSA-2015:053", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" - }, - { - "name" : "MDVSA-2015:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - }, - { - "name" : "RHSA-2015:0765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html" - }, - { - "name" : "RHSA-2015:0983", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0983.html" - }, - { - "name" : "RHSA-2015:0991", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0991.html" - }, - { - "name" : "USN-2655-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2655-1" - }, - { - "name" : "USN-2654-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2654-1" - }, - { - "name" : "72717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72717" - }, - { - "name" : "1032791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "USN-2654-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2654-1" + }, + { + "name": "RHSA-2015:0765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "MDVSA-2015:052", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" + }, + { + "name": "HPSBUX03341", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143393515412274&w=2" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "SSRT102068", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143393515412274&w=2" + }, + { + "name": "72717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72717" + }, + { + "name": "RHSA-2015:0991", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0991.html" + }, + { + "name": "MDVSA-2015:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" + }, + { + "name": "DSA-3530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3530" + }, + { + "name": "1032791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032791" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "RHSA-2015:0983", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0983.html" + }, + { + "name": "SSRT102066", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "MDVSA-2015:053", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "FEDORA-2015-2109", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" + }, + { + "name": "https://source.jboss.org/changelog/JBossWeb?cs=2455", + "refsource": "CONFIRM", + "url": "https://source.jboss.org/changelog/JBossWeb?cs=2455" + }, + { + "name": "20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0081.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0081.html" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "USN-2655-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2655-1" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1600984", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1600984" + }, + { + "name": "HPSBUX03337", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "DSA-3447", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3447" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0777.json b/2014/0xxx/CVE-2014-0777.json index 4c2e4bb2b4a..618dee5c1e2 100644 --- a/2014/0xxx/CVE-2014-0777.json +++ b/2014/0xxx/CVE-2014-0777.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1826.json b/2014/1xxx/CVE-2014-1826.json index 6c22b211fc1..71aa73fb49d 100644 --- a/2014/1xxx/CVE-2014-1826.json +++ b/2014/1xxx/CVE-2014-1826.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.madirish.net/559", - "refsource" : "MISC", - "url" : "http://www.madirish.net/559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.madirish.net/559", + "refsource": "MISC", + "url": "http://www.madirish.net/559" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1839.json b/2014/1xxx/CVE-2014-1839.json index 6f589151879..5e42323bbec 100644 --- a/2014/1xxx/CVE-2014-1839.json +++ b/2014/1xxx/CVE-2014-1839.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140131 CVE request: temp file issues in python's logilab-common module", - "refsource" : "MLIST", - "url" : "http://comments.gmane.org/gmane.comp.security.oss.general/11986" - }, - { - "name" : "http://www.logilab.org/ticket/207562", - "refsource" : "CONFIRM", - "url" : "http://www.logilab.org/ticket/207562" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051" - }, - { - "name" : "openSUSE-SU-2014:0306", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html" - }, - { - "name" : "57209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.logilab.org/ticket/207562", + "refsource": "CONFIRM", + "url": "http://www.logilab.org/ticket/207562" + }, + { + "name": "openSUSE-SU-2014:0306", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html" + }, + { + "name": "57209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57209" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051" + }, + { + "name": "[oss-security] 20140131 CVE request: temp file issues in python's logilab-common module", + "refsource": "MLIST", + "url": "http://comments.gmane.org/gmane.comp.security.oss.general/11986" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1876.json b/2014/1xxx/CVE-2014-1876.json index 01aa68f65d8..b2264856485 100644 --- a/2014/1xxx/CVE-2014-1876.json +++ b/2014/1xxx/CVE-2014-1876.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140203 CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/242" - }, - { - "name" : "[oss-security] 20140207 Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/285" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1060907", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1060907" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" - }, - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0685", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "65568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65568" - }, - { - "name" : "102808", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102808" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - }, - { - "name" : "59058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1060907", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060907" + }, + { + "name": "59058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59058" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "RHSA-2014:0685", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "[oss-security] 20140207 Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/285" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" + }, + { + "name": "[oss-security] 20140203 CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/242" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" + }, + { + "name": "65568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65568" + }, + { + "name": "102808", + "refsource": "OSVDB", + "url": "http://osvdb.org/102808" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5316.json b/2014/5xxx/CVE-2014-5316.json index 665e9c5490d..430c77592f9 100644 --- a/2014/5xxx/CVE-2014-5316.json +++ b/2014/5xxx/CVE-2014-5316.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-5316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dotclear.org/blog/post/2014/08/18/Dotclear-2.6.4", - "refsource" : "MISC", - "url" : "http://dotclear.org/blog/post/2014/08/18/Dotclear-2.6.4" - }, - { - "name" : "JVN#61637002", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN61637002/index.html" - }, - { - "name" : "JVNDB-2014-000110", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000110" - }, - { - "name" : "69985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#61637002", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN61637002/index.html" + }, + { + "name": "69985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69985" + }, + { + "name": "JVNDB-2014-000110", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000110" + }, + { + "name": "http://dotclear.org/blog/post/2014/08/18/Dotclear-2.6.4", + "refsource": "MISC", + "url": "http://dotclear.org/blog/post/2014/08/18/Dotclear-2.6.4" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5368.json b/2014/5xxx/CVE-2014-5368.json index 32dd122526a..1edc20be6fe 100644 --- a/2014/5xxx/CVE-2014-5368.json +++ b/2014/5xxx/CVE-2014-5368.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140819 CVE request: WordPress plugin wp-source-control remote path traversal file access", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/407" - }, - { - "name" : "[oss-security] 20140820 Re: CVE request: WordPress plugin wp-source-control remote path traversal file access", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/417" - }, - { - "name" : "69278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69278" - }, - { - "name" : "wp-sourcecontrol-dir-trav(95374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69278" + }, + { + "name": "[oss-security] 20140820 Re: CVE request: WordPress plugin wp-source-control remote path traversal file access", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/417" + }, + { + "name": "[oss-security] 20140819 CVE request: WordPress plugin wp-source-control remote path traversal file access", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/407" + }, + { + "name": "wp-sourcecontrol-dir-trav(95374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95374" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5517.json b/2014/5xxx/CVE-2014-5517.json index 2098196cd83..33eb2f60886 100644 --- a/2014/5xxx/CVE-2014-5517.json +++ b/2014/5xxx/CVE-2014-5517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5585.json b/2014/5xxx/CVE-2014-5585.json index c55f30c6a0c..111a8d2173d 100644 --- a/2014/5xxx/CVE-2014-5585.json +++ b/2014/5xxx/CVE-2014-5585.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#630633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/630633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#630633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/630633" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5895.json b/2014/5xxx/CVE-2014-5895.json index b88dd0ad639..e6be02168a4 100644 --- a/2014/5xxx/CVE-2014-5895.json +++ b/2014/5xxx/CVE-2014-5895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ShopYourWay (aka com.sears.shopyourway) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#528289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/528289" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ShopYourWay (aka com.sears.shopyourway) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#528289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/528289" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2283.json b/2015/2xxx/CVE-2015-2283.json index fbf06049782..bc0702ca7c6 100644 --- a/2015/2xxx/CVE-2015-2283.json +++ b/2015/2xxx/CVE-2015-2283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2813.json b/2015/2xxx/CVE-2015-2813.json index 68c14da31c5..a80a58bdb43 100644 --- a/2015/2xxx/CVE-2015-2813.json +++ b/2015/2xxx/CVE-2015-2813.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 [ERPSCAN-15-005] SAP Mobile Platform - XXE", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535828/100/800/threaded" - }, - { - "name" : "20150623 ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/63" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/" - }, - { - "name" : "http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html" - }, - { - "name" : "73692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150623 ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/63" + }, + { + "name": "20150625 [ERPSCAN-15-005] SAP Mobile Platform - XXE", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535828/100/800/threaded" + }, + { + "name": "73692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73692" + }, + { + "name": "https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/" + }, + { + "name": "http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10091.json b/2016/10xxx/CVE-2016-10091.json index 9ff22c9a4c1..a33e6d20949 100644 --- a/2016/10xxx/CVE-2016-10091.json +++ b/2016/10xxx/CVE-2016-10091.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-10091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161231 Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/31/3" - }, - { - "name" : "[oss-security] 20170101 Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/01/1" - }, - { - "name" : "http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406", - "refsource" : "CONFIRM", - "url" : "http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1409546", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1409546" - }, - { - "name" : "95173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406", + "refsource": "CONFIRM", + "url": "http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406" + }, + { + "name": "95173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95173" + }, + { + "name": "[oss-security] 20161231 Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/31/3" + }, + { + "name": "[oss-security] 20170101 Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/01/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1409546", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409546" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10354.json b/2016/10xxx/CVE-2016-10354.json index 30dfac64132..18393c02045 100644 --- a/2016/10xxx/CVE-2016-10354.json +++ b/2016/10xxx/CVE-2016-10354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10354", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-10354", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4550.json b/2016/4xxx/CVE-2016-4550.json index 20b17b31643..e70ed392e00 100644 --- a/2016/4xxx/CVE-2016-4550.json +++ b/2016/4xxx/CVE-2016-4550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4571.json b/2016/4xxx/CVE-2016-4571.json index 05d9c444c6a..df9dbf8ad64 100644 --- a/2016/4xxx/CVE-2016-4571.json +++ b/2016/4xxx/CVE-2016-4571.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160509 Re: CVE requested: two stack exhaustation parsing xml files using mxml", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/09/16" - }, - { - "name" : "[oss-security] 20160511 Re: CVE requested: two stack exhaustation parsing xml files using mxml", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/11/14" - }, - { - "name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334648", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334648" - }, - { - "name" : "90315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160509 Re: CVE requested: two stack exhaustation parsing xml files using mxml", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/09/16" + }, + { + "name": "90315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90315" + }, + { + "name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html" + }, + { + "name": "[oss-security] 20160511 Re: CVE requested: two stack exhaustation parsing xml files using mxml", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/11/14" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334648", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334648" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4994.json b/2016/4xxx/CVE-2016-4994.json index 8a9aced2d84..d4018c44f09 100644 --- a/2016/4xxx/CVE-2016-4994.json +++ b/2016/4xxx/CVE-2016-4994.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=767873", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=767873" - }, - { - "name" : "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f" - }, - { - "name" : "DSA-3612", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3612" - }, - { - "name" : "RHSA-2016:2589", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2589.html" - }, - { - "name" : "SSA:2016-203-01", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987" - }, - { - "name" : "openSUSE-SU-2016:1727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html" - }, - { - "name" : "USN-3025-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3025-1" - }, - { - "name" : "91425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91425" - }, - { - "name" : "1036226", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036226", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036226" + }, + { + "name": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=767873", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=767873" + }, + { + "name": "openSUSE-SU-2016:1727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html" + }, + { + "name": "91425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91425" + }, + { + "name": "DSA-3612", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3612" + }, + { + "name": "USN-3025-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3025-1" + }, + { + "name": "SSA:2016-203-01", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987" + }, + { + "name": "RHSA-2016:2589", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2589.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8185.json b/2016/8xxx/CVE-2016-8185.json index 7fb25499f8d..2c9a4faa7bb 100644 --- a/2016/8xxx/CVE-2016-8185.json +++ b/2016/8xxx/CVE-2016-8185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8413.json b/2016/8xxx/CVE-2016-8413.json index c5aa864255b..1fa7866d93f 100644 --- a/2016/8xxx/CVE-2016-8413.json +++ b/2016/8xxx/CVE-2016-8413.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d" - }, - { - "name" : "96749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96749" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d" + }, + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96749" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8704.json b/2016/8xxx/CVE-2016-8704.json index 7916c916d69..11b454f6bbb 100644 --- a/2016/8xxx/CVE-2016-8704.json +++ b/2016/8xxx/CVE-2016-8704.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Memcached", - "version" : { - "version_data" : [ - { - "version_value" : "1.4.31" - } - ] - } - } - ] - }, - "vendor_name" : "Memcached" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "integer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Memcached", + "version": { + "version_data": [ + { + "version_value": "1.4.31" + } + ] + } + } + ] + }, + "vendor_name": "Memcached" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0219/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0219/" - }, - { - "name" : "DSA-3704", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3704" - }, - { - "name" : "GLSA-201701-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-12" - }, - { - "name" : "RHSA-2016:2819", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2819.html" - }, - { - "name" : "RHSA-2016:2820", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2820.html" - }, - { - "name" : "RHSA-2017:0059", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0059" - }, - { - "name" : "94083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94083" - }, - { - "name" : "1037333", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-12" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0219/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0219/" + }, + { + "name": "DSA-3704", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3704" + }, + { + "name": "RHSA-2016:2819", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2819.html" + }, + { + "name": "94083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94083" + }, + { + "name": "RHSA-2016:2820", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2820.html" + }, + { + "name": "RHSA-2017:0059", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0059" + }, + { + "name": "1037333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037333" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9187.json b/2016/9xxx/CVE-2016-9187.json index f6756ae452b..96f5b798826 100644 --- a/2016/9xxx/CVE-2016-9187.json +++ b/2016/9xxx/CVE-2016-9187.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the double extension support in the \"image\" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html" - }, - { - "name" : "94191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the double extension support in the \"image\" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94191" + }, + { + "name": "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9215.json b/2016/9xxx/CVE-2016-9215.json index 959f74fd925..93234e18b55 100644 --- a/2016/9xxx/CVE-2016-9215.json +++ b/2016/9xxx/CVE-2016-9215.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XR", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XR" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XR" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr" - }, - { - "name" : "94812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94812" - }, - { - "name" : "1037418", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037418", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037418" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr" + }, + { + "name": "94812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94812" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9772.json b/2016/9xxx/CVE-2016-9772.json index dff3e25efaa..219d32c16a3 100644 --- a/2016/9xxx/CVE-2016-9772.json +++ b/2016/9xxx/CVE-2016-9772.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/9" - }, - { - "name" : "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt" - }, - { - "name" : "94651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/9" + }, + { + "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt", + "refsource": "CONFIRM", + "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt" + }, + { + "name": "94651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94651" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9987.json b/2016/9xxx/CVE-2016-9987.json index f41ced401d6..f5a3bd7624e 100644 --- a/2016/9xxx/CVE-2016-9987.json +++ b/2016/9xxx/CVE-2016-9987.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2016-9987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2016-9987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120553", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120553" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001007", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001007" - }, - { - "name" : "99353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120553", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120553" + }, + { + "name": "99353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99353" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001007", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001007" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2172.json b/2019/2xxx/CVE-2019-2172.json index 85504fd3a4d..cf70edacc39 100644 --- a/2019/2xxx/CVE-2019-2172.json +++ b/2019/2xxx/CVE-2019-2172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2172", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2172", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2511.json b/2019/2xxx/CVE-2019-2511.json index 8b7d6a3edf1..8c9f595f6cc 100644 --- a/2019/2xxx/CVE-2019-2511.json +++ b/2019/2xxx/CVE-2019-2511.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.24" - }, - { - "version_affected" : "<", - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.24" + }, + { + "version_affected": "<", + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106574" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2764.json b/2019/2xxx/CVE-2019-2764.json index 991d5238fbb..540fe758e16 100644 --- a/2019/2xxx/CVE-2019-2764.json +++ b/2019/2xxx/CVE-2019-2764.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2764", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2764", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3639.json b/2019/3xxx/CVE-2019-3639.json index eb7ea670154..8ef748df359 100644 --- a/2019/3xxx/CVE-2019-3639.json +++ b/2019/3xxx/CVE-2019-3639.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3639", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3639", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6086.json b/2019/6xxx/CVE-2019-6086.json index ab337e8a1ad..d7e09892d16 100644 --- a/2019/6xxx/CVE-2019-6086.json +++ b/2019/6xxx/CVE-2019-6086.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6086", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6086", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6226.json b/2019/6xxx/CVE-2019-6226.json index 5eb08ad2b97..5b66c97c239 100644 --- a/2019/6xxx/CVE-2019-6226.json +++ b/2019/6xxx/CVE-2019-6226.json @@ -1,153 +1,153 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2019-6226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iOS 12.1.3" - } - ] - } - }, - { - "product_name" : "tvOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "tvOS 12.1.2" - } - ] - } - }, - { - "product_name" : "watchOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "watchOS 5.1.3" - } - ] - } - }, - { - "product_name" : "Safari", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "Safari 12.0.3" - } - ] - } - }, - { - "product_name" : "iTunes for Windows", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iTunes 12.9.3 for Windows" - } - ] - } - }, - { - "product_name" : "iCloud for Windows", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iCloud for Windows 7.10" - } - ] - } - } - ] - }, - "vendor_name" : "Apple" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Processing maliciously crafted web content may lead to arbitrary code execution" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2019-6226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 12.1.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 12.1.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 5.1.3" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "Safari 12.0.3" + } + ] + } + }, + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iTunes 12.9.3 for Windows" + } + ] + } + }, + { + "product_name": "iCloud for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iCloud for Windows 7.10" + } + ] + } + } + ] + }, + "vendor_name": "Apple" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT209443", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209443" - }, - { - "name" : "https://support.apple.com/HT209447", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209447" - }, - { - "name" : "https://support.apple.com/HT209448", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209448" - }, - { - "name" : "https://support.apple.com/HT209449", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209449" - }, - { - "name" : "https://support.apple.com/HT209450", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209450" - }, - { - "name" : "https://support.apple.com/HT209451", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209451" - }, - { - "name" : "GLSA-201903-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-12" - }, - { - "name" : "106696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201903-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-12" + }, + { + "name": "106696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106696" + }, + { + "name": "https://support.apple.com/HT209443", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209443" + }, + { + "name": "https://support.apple.com/HT209451", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209451" + }, + { + "name": "https://support.apple.com/HT209449", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209449" + }, + { + "name": "https://support.apple.com/HT209450", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209450" + }, + { + "name": "https://support.apple.com/HT209448", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209448" + }, + { + "name": "https://support.apple.com/HT209447", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209447" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6852.json b/2019/6xxx/CVE-2019-6852.json index 4112cd258e5..b40519ecef9 100644 --- a/2019/6xxx/CVE-2019-6852.json +++ b/2019/6xxx/CVE-2019-6852.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6852", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6852", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7047.json b/2019/7xxx/CVE-2019-7047.json index cacdb229e23..5e4aec4bd87 100644 --- a/2019/7xxx/CVE-2019-7047.json +++ b/2019/7xxx/CVE-2019-7047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7265.json b/2019/7xxx/CVE-2019-7265.json index 9d13866bd23..b5940263de8 100644 --- a/2019/7xxx/CVE-2019-7265.json +++ b/2019/7xxx/CVE-2019-7265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7265", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7265", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7512.json b/2019/7xxx/CVE-2019-7512.json index ca68055749c..e017a12cf9e 100644 --- a/2019/7xxx/CVE-2019-7512.json +++ b/2019/7xxx/CVE-2019-7512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7779.json b/2019/7xxx/CVE-2019-7779.json index eeb115fcd55..b1d4d85b937 100644 --- a/2019/7xxx/CVE-2019-7779.json +++ b/2019/7xxx/CVE-2019-7779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7917.json b/2019/7xxx/CVE-2019-7917.json index 1b61b1c12a0..6e284d6a787 100644 --- a/2019/7xxx/CVE-2019-7917.json +++ b/2019/7xxx/CVE-2019-7917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file