From 3b673b3dfd571c905660608c94ae34c7795ae390 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:06:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2192.json | 170 ++++++++++---------- 2007/2xxx/CVE-2007-2406.json | 170 ++++++++++---------- 2007/3xxx/CVE-2007-3449.json | 170 ++++++++++---------- 2007/3xxx/CVE-2007-3531.json | 180 ++++++++++----------- 2007/3xxx/CVE-2007-3829.json | 200 +++++++++++------------ 2007/6xxx/CVE-2007-6006.json | 150 +++++++++--------- 2007/6xxx/CVE-2007-6170.json | 240 ++++++++++++++-------------- 2007/6xxx/CVE-2007-6199.json | 280 ++++++++++++++++----------------- 2007/6xxx/CVE-2007-6514.json | 150 +++++++++--------- 2010/0xxx/CVE-2010-0194.json | 160 +++++++++---------- 2010/0xxx/CVE-2010-0662.json | 170 ++++++++++---------- 2010/1xxx/CVE-2010-1037.json | 160 +++++++++---------- 2010/1xxx/CVE-2010-1362.json | 150 +++++++++--------- 2010/1xxx/CVE-2010-1561.json | 140 ++++++++--------- 2010/1xxx/CVE-2010-1597.json | 200 +++++++++++------------ 2010/1xxx/CVE-2010-1956.json | 190 +++++++++++----------- 2010/5xxx/CVE-2010-5046.json | 180 ++++++++++----------- 2010/5xxx/CVE-2010-5167.json | 200 +++++++++++------------ 2014/0xxx/CVE-2014-0259.json | 140 ++++++++--------- 2014/0xxx/CVE-2014-0400.json | 170 ++++++++++---------- 2014/0xxx/CVE-2014-0466.json | 160 +++++++++---------- 2014/0xxx/CVE-2014-0614.json | 150 +++++++++--------- 2014/0xxx/CVE-2014-0690.json | 34 ++-- 2014/0xxx/CVE-2014-0746.json | 130 +++++++-------- 2014/1xxx/CVE-2014-1210.json | 120 +++++++------- 2014/1xxx/CVE-2014-1384.json | 230 +++++++++++++-------------- 2014/1xxx/CVE-2014-1513.json | 250 ++++++++++++++--------------- 2014/1xxx/CVE-2014-1589.json | 150 +++++++++--------- 2014/5xxx/CVE-2014-5115.json | 130 +++++++-------- 2014/5xxx/CVE-2014-5531.json | 140 ++++++++--------- 2014/5xxx/CVE-2014-5890.json | 140 ++++++++--------- 2014/5xxx/CVE-2014-5944.json | 140 ++++++++--------- 2016/10xxx/CVE-2016-10019.json | 34 ++-- 2016/3xxx/CVE-2016-3127.json | 130 +++++++-------- 2016/3xxx/CVE-2016-3203.json | 160 +++++++++---------- 2016/3xxx/CVE-2016-3707.json | 180 ++++++++++----------- 2016/3xxx/CVE-2016-3840.json | 140 ++++++++--------- 2016/4xxx/CVE-2016-4120.json | 150 +++++++++--------- 2016/8xxx/CVE-2016-8223.json | 130 +++++++-------- 2016/8xxx/CVE-2016-8663.json | 34 ++-- 2016/8xxx/CVE-2016-8678.json | 160 +++++++++---------- 2016/9xxx/CVE-2016-9258.json | 34 ++-- 2016/9xxx/CVE-2016-9319.json | 140 ++++++++--------- 2016/9xxx/CVE-2016-9400.json | 180 ++++++++++----------- 2016/9xxx/CVE-2016-9613.json | 34 ++-- 2016/9xxx/CVE-2016-9888.json | 150 +++++++++--------- 2019/2xxx/CVE-2019-2272.json | 34 ++-- 2019/2xxx/CVE-2019-2387.json | 34 ++-- 2019/2xxx/CVE-2019-2641.json | 34 ++-- 2019/2xxx/CVE-2019-2686.json | 34 ++-- 2019/6xxx/CVE-2019-6042.json | 34 ++-- 2019/6xxx/CVE-2019-6138.json | 120 +++++++------- 2019/6xxx/CVE-2019-6236.json | 34 ++-- 2019/6xxx/CVE-2019-6927.json | 34 ++-- 2019/7xxx/CVE-2019-7259.json | 34 ++-- 2019/7xxx/CVE-2019-7334.json | 120 +++++++------- 2019/7xxx/CVE-2019-7847.json | 34 ++-- 57 files changed, 3773 insertions(+), 3773 deletions(-) diff --git a/2007/2xxx/CVE-2007-2192.json b/2007/2xxx/CVE-2007-2192.json index e8334d986e7..5edd46edcfa 100644 --- a/2007/2xxx/CVE-2007-2192.json +++ b/2007/2xxx/CVE-2007-2192.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3772", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3772" - }, - { - "name" : "23582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23582" - }, - { - "name" : "ADV-2007-1490", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1490" - }, - { - "name" : "35265", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35265" - }, - { - "name" : "24981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24981" - }, - { - "name" : "photofiltre-tif-bo(33807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35265", + "refsource": "OSVDB", + "url": "http://osvdb.org/35265" + }, + { + "name": "photofiltre-tif-bo(33807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33807" + }, + { + "name": "3772", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3772" + }, + { + "name": "23582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23582" + }, + { + "name": "24981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24981" + }, + { + "name": "ADV-2007-1490", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1490" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2406.json b/2007/2xxx/CVE-2007-2406.json index 75a46bc3236..bd90a3f225e 100644 --- a/2007/2xxx/CVE-2007-2406.json +++ b/2007/2xxx/CVE-2007-2406.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - }, - { - "name" : "macos-quartzcomposer-code-execution(35737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-quartzcomposer-code-execution(35737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35737" + }, + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3449.json b/2007/3xxx/CVE-2007-3449.json index b92fd5d5c8f..d19fa83c5af 100644 --- a/2007/3xxx/CVE-2007-3449.json +++ b/2007/3xxx/CVE-2007-3449.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4104", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4104" - }, - { - "name" : "24630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24630" - }, - { - "name" : "37012", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37012" - }, - { - "name" : "ADV-2007-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2323" - }, - { - "name" : "25834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25834" - }, - { - "name" : "6alblog-member-sql-injection(35048)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6alblog-member-sql-injection(35048)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35048" + }, + { + "name": "4104", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4104" + }, + { + "name": "25834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25834" + }, + { + "name": "24630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24630" + }, + { + "name": "ADV-2007-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2323" + }, + { + "name": "37012", + "refsource": "OSVDB", + "url": "http://osvdb.org/37012" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3531.json b/2007/3xxx/CVE-2007-3531.json index 01dacf124f8..4811ee8174b 100644 --- a/2007/3xxx/CVE-2007-3531.json +++ b/2007/3xxx/CVE-2007-3531.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=184071", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=184071" - }, - { - "name" : "GLSA-200707-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200707-08.xml" - }, - { - "name" : "25052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25052" - }, - { - "name" : "38573", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38573" - }, - { - "name" : "26200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26200" - }, - { - "name" : "26208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26208" - }, - { - "name" : "nvclock-setdefaultspeeds-symlink(35584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26200" + }, + { + "name": "26208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26208" + }, + { + "name": "38573", + "refsource": "OSVDB", + "url": "http://osvdb.org/38573" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=184071", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=184071" + }, + { + "name": "GLSA-200707-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200707-08.xml" + }, + { + "name": "25052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25052" + }, + { + "name": "nvclock-setdefaultspeeds-symlink(35584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35584" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3829.json b/2007/3xxx/CVE-2007-3829.json index f3417a9292d..6f6d797fd4c 100644 --- a/2007/3xxx/CVE-2007-3829.json +++ b/2007/3xxx/CVE-2007-3829.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#470913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/470913" - }, - { - "name" : "VU#916897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/916897" - }, - { - "name" : "24919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24919" - }, - { - "name" : "37717", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37717" - }, - { - "name" : "37718", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37718" - }, - { - "name" : "25718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25718" - }, - { - "name" : "25739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25739" - }, - { - "name" : "interactual-iamce-bo(35422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35422" - }, - { - "name" : "interactual-cineplayer-iakey-bo(35423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25739" + }, + { + "name": "37718", + "refsource": "OSVDB", + "url": "http://osvdb.org/37718" + }, + { + "name": "interactual-iamce-bo(35422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35422" + }, + { + "name": "VU#470913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/470913" + }, + { + "name": "25718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25718" + }, + { + "name": "37717", + "refsource": "OSVDB", + "url": "http://osvdb.org/37717" + }, + { + "name": "24919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24919" + }, + { + "name": "VU#916897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/916897" + }, + { + "name": "interactual-cineplayer-iakey-bo(35423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35423" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6006.json b/2007/6xxx/CVE-2007-6006.json index 5ff9fc251e2..770921658e2 100644 --- a/2007/6xxx/CVE-2007-6006.json +++ b/2007/6xxx/CVE-2007-6006.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=548619&group_id=90976", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=548619&group_id=90976" - }, - { - "name" : "26439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26439" - }, - { - "name" : "42211", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42211" - }, - { - "name" : "27600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42211", + "refsource": "OSVDB", + "url": "http://osvdb.org/42211" + }, + { + "name": "27600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27600" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=548619&group_id=90976", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=548619&group_id=90976" + }, + { + "name": "26439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26439" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6170.json b/2007/6xxx/CVE-2007-6170.json index c29a59128a3..356a117cade 100644 --- a/2007/6xxx/CVE-2007-6170.json +++ b/2007/6xxx/CVE-2007-6170.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484388/100/0/threaded" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2007-026.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2007-026.html" - }, - { - "name" : "DSA-1417", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1417" - }, - { - "name" : "GLSA-200804-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-13.xml" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "26647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26647" - }, - { - "name" : "ADV-2007-4056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4056" - }, - { - "name" : "1019020", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019020" - }, - { - "name" : "27827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27827" - }, - { - "name" : "27892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27892" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29782" - }, - { - "name" : "asterisk-cdrpqsql-sql-injection(38765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29782" + }, + { + "name": "GLSA-200804-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "27892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27892" + }, + { + "name": "20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484388/100/0/threaded" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2007-026.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2007-026.html" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "1019020", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019020" + }, + { + "name": "26647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26647" + }, + { + "name": "DSA-1417", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1417" + }, + { + "name": "27827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27827" + }, + { + "name": "asterisk-cdrpqsql-sql-injection(38765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38765" + }, + { + "name": "ADV-2007-4056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4056" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6199.json b/2007/6xxx/CVE-2007-6199.json index b3114ddcc67..77fd658d8d2 100644 --- a/2007/6xxx/CVE-2007-6199.json +++ b/2007/6xxx/CVE-2007-6199.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 FLEA-2008-0004-1 rsync", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487991/100/0/threaded" - }, - { - "name" : "http://rsync.samba.org/security.html#s3_0_0", - "refsource" : "CONFIRM", - "url" : "http://rsync.samba.org/security.html#s3_0_0" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html" - }, - { - "name" : "APPLE-SA-2008-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" - }, - { - "name" : "MDVSA-2008:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011" - }, - { - "name" : "SUSE-SR:2008:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" - }, - { - "name" : "26638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26638" - }, - { - "name" : "61005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61005" - }, - { - "name" : "ADV-2007-4057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4057" - }, - { - "name" : "ADV-2008-2268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2268" - }, - { - "name" : "1019012", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019012" - }, - { - "name" : "27863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27863" - }, - { - "name" : "27853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27853" - }, - { - "name" : "28412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28412" - }, - { - "name" : "28457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28457" - }, - { - "name" : "31326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28412" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html" + }, + { + "name": "ADV-2007-4057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4057" + }, + { + "name": "APPLE-SA-2008-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" + }, + { + "name": "ADV-2008-2268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2268" + }, + { + "name": "27853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27853" + }, + { + "name": "20080212 FLEA-2008-0004-1 rsync", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded" + }, + { + "name": "27863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27863" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257" + }, + { + "name": "http://rsync.samba.org/security.html#s3_0_0", + "refsource": "CONFIRM", + "url": "http://rsync.samba.org/security.html#s3_0_0" + }, + { + "name": "61005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61005" + }, + { + "name": "28457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28457" + }, + { + "name": "MDVSA-2008:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011" + }, + { + "name": "31326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31326" + }, + { + "name": "26638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26638" + }, + { + "name": "1019012", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019012" + }, + { + "name": "SUSE-SR:2008:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6514.json b/2007/6xxx/CVE-2007-6514.json index 5aaddd6ccc1..d8c603c129f 100644 --- a/2007/6xxx/CVE-2007-6514.json +++ b/2007/6xxx/CVE-2007-6514.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing \"\\\" (backslash), which is not handled by the intended AddType directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071219 smbfs and apache+php source code disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485316/100/0/threaded" - }, - { - "name" : "26939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26939" - }, - { - "name" : "3479", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3479" - }, - { - "name" : "apache-windows-share-info-disclosure(39158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing \"\\\" (backslash), which is not handled by the intended AddType directive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071219 smbfs and apache+php source code disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485316/100/0/threaded" + }, + { + "name": "3479", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3479" + }, + { + "name": "26939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26939" + }, + { + "name": "apache-windows-share-info-disclosure(39158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39158" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0194.json b/2010/0xxx/CVE-2010-0194.json index a04798f6e9a..e98975531ab 100644 --- a/2010/0xxx/CVE-2010-0194.json +++ b/2010/0xxx/CVE-2010-0194.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" - }, - { - "name" : "TA10-103C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" - }, - { - "name" : "39329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39329" - }, - { - "name" : "oval:org.mitre.oval:def:6823", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6823" - }, - { - "name" : "ADV-2010-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0873" + }, + { + "name": "oval:org.mitre.oval:def:6823", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6823" + }, + { + "name": "TA10-103C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" + }, + { + "name": "39329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39329" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0662.json b/2010/0xxx/CVE-2010-0662.json index 40b47d9ae0c..fdaea5ec965 100644 --- a/2010/0xxx/CVE-2010-0662.json +++ b/2010/0xxx/CVE-2010-0662.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=31307", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=31307" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "oval:org.mitre.oval:def:14457", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14457" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "googlechrome-paramtraits-dos(56627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ParamTraits::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "googlechrome-paramtraits-dos(56627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56627" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=31307", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=31307" + }, + { + "name": "oval:org.mitre.oval:def:14457", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14457" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1037.json b/2010/1xxx/CVE-2010-1037.json index 0d9c4f6af80..547a885184a 100644 --- a/2010/1xxx/CVE-2010-1037.json +++ b/2010/1xxx/CVE-2010-1037.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02525", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127239985506823&w=2" - }, - { - "name" : "SSRT100083", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127239985506823&w=2" - }, - { - "name" : "39736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39736" - }, - { - "name" : "1023927", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023927" - }, - { - "name" : "39645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02525", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127239985506823&w=2" + }, + { + "name": "1023927", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023927" + }, + { + "name": "39645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39645" + }, + { + "name": "39736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39736" + }, + { + "name": "SSRT100083", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127239985506823&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1362.json b/2010/1xxx/CVE-2010-1362.json index 49e7004df79..f79298860ff 100644 --- a/2010/1xxx/CVE-2010-1362.json +++ b/2010/1xxx/CVE-2010-1362.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with \"create additional terms\" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/683544", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/683544" - }, - { - "name" : "http://drupal.org/node/683576", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/683576" - }, - { - "name" : "37788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37788" - }, - { - "name" : "38208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with \"create additional terms\" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/683544", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/683544" + }, + { + "name": "http://drupal.org/node/683576", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/683576" + }, + { + "name": "37788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37788" + }, + { + "name": "38208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38208" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1561.json b/2010/1xxx/CVE-2010-1561.json index cdf44fcfc42..b5fe90a9fb4 100644 --- a/2010/1xxx/CVE-2010-1561.json +++ b/2010/1xxx/CVE-2010-1561.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-1561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 Multiple Vulnerabilities in Cisco PGW Softswitch", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml" - }, - { - "name" : "40123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40123" - }, - { - "name" : "64685", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64685", + "refsource": "OSVDB", + "url": "http://osvdb.org/64685" + }, + { + "name": "40123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40123" + }, + { + "name": "20100512 Multiple Vulnerabilities in Cisco PGW Softswitch", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1597.json b/2010/1xxx/CVE-2010-1597.json index ba732b0930e..74b6a764d4f 100644 --- a/2010/1xxx/CVE-2010-1597.json +++ b/2010/1xxx/CVE-2010-1597.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing an entry with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-029", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-029" - }, - { - "name" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-029-zipgenius-v6-3-1-2552-zgtips-dll-stack-buffer-overflow/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-029-zipgenius-v6-3-1-2552-zgtips-dll-stack-buffer-overflow/" - }, - { - "name" : "12326", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12326" - }, - { - "name" : "http://feeds.feedburner.com/zipgeniusnews", - "refsource" : "CONFIRM", - "url" : "http://feeds.feedburner.com/zipgeniusnews" - }, - { - "name" : "39622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39622" - }, - { - "name" : "63971", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63971" - }, - { - "name" : "39497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39497" - }, - { - "name" : "ADV-2010-0966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0966" - }, - { - "name" : "zipgenius-zgtips-bo(58022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing an entry with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39622" + }, + { + "name": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-029-zipgenius-v6-3-1-2552-zgtips-dll-stack-buffer-overflow/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-029-zipgenius-v6-3-1-2552-zgtips-dll-stack-buffer-overflow/" + }, + { + "name": "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-029", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-029" + }, + { + "name": "http://feeds.feedburner.com/zipgeniusnews", + "refsource": "CONFIRM", + "url": "http://feeds.feedburner.com/zipgeniusnews" + }, + { + "name": "39497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39497" + }, + { + "name": "ADV-2010-0966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0966" + }, + { + "name": "63971", + "refsource": "OSVDB", + "url": "http://osvdb.org/63971" + }, + { + "name": "zipgenius-zgtips-bo(58022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58022" + }, + { + "name": "12326", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12326" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1956.json b/2010/1xxx/CVE-2010-1956.json index 2abfbcc444b..dfb396054f9 100644 --- a/2010/1xxx/CVE-2010-1956.json +++ b/2010/1xxx/CVE-2010-1956.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12285", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12285" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt" - }, - { - "name" : "http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html", - "refsource" : "CONFIRM", - "url" : "http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html" - }, - { - "name" : "39547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39547" - }, - { - "name" : "63917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63917" - }, - { - "name" : "39522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39522" - }, - { - "name" : "ADV-2010-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0930" - }, - { - "name" : "comgadgetfactory-controller-file-include(57895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "comgadgetfactory-controller-file-include(57895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57895" + }, + { + "name": "39547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39547" + }, + { + "name": "63917", + "refsource": "OSVDB", + "url": "http://osvdb.org/63917" + }, + { + "name": "12285", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12285" + }, + { + "name": "39522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39522" + }, + { + "name": "ADV-2010-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0930" + }, + { + "name": "http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html", + "refsource": "CONFIRM", + "url": "http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5046.json b/2010/5xxx/CVE-2010-5046.json index fd04c4ff043..98441fe5bc5 100644 --- a/2010/5xxx/CVE-2010-5046.json +++ b/2010/5xxx/CVE-2010-5046.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100504 XSS in ecoCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511117/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1005-exploits/ecocms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/ecocms-xss.txt" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_in_ecocms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_in_ecocms.html" - }, - { - "name" : "39901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39901" - }, - { - "name" : "64308", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64308" - }, - { - "name" : "39678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39678" - }, - { - "name" : "ecocms-admin-xss(58335)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100504 XSS in ecoCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511117/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/ecocms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/ecocms-xss.txt" + }, + { + "name": "ecocms-admin-xss(58335)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58335" + }, + { + "name": "64308", + "refsource": "OSVDB", + "url": "http://osvdb.org/64308" + }, + { + "name": "39678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39678" + }, + { + "name": "39901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39901" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_in_ecocms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_in_ecocms.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5167.json b/2010/5xxx/CVE-2010-5167.json index 6808ac69754..9d628eb523d 100644 --- a/2010/5xxx/CVE-2010-5167.json +++ b/2010/5xxx/CVE-2010-5167.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : "39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0259.json b/2014/0xxx/CVE-2014-0259.json index bec8513afcd..f72cce3f700 100644 --- a/2014/0xxx/CVE-2014-0259.json +++ b/2014/0xxx/CVE-2014-0259.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-001", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001" - }, - { - "name" : "1029598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029598" - }, - { - "name" : "1029599", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029599", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029599" + }, + { + "name": "1029598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029598" + }, + { + "name": "MS14-001", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-001" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0400.json b/2014/0xxx/CVE-2014-0400.json index a604ed874ec..6d8b8f91a1c 100644 --- a/2014/0xxx/CVE-2014-0400.json +++ b/2014/0xxx/CVE-2014-0400.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64822" - }, - { - "name" : "102112", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102112" - }, - { - "name" : "1029618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029618" - }, - { - "name" : "56460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64822" + }, + { + "name": "1029618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029618" + }, + { + "name": "56460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56460" + }, + { + "name": "102112", + "refsource": "OSVDB", + "url": "http://osvdb.org/102112" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0466.json b/2014/0xxx/CVE-2014-0466.json index e07126f4117..43249ea8fef 100644 --- a/2014/0xxx/CVE-2014-0466.json +++ b/2014/0xxx/CVE-2014-0466.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902" - }, - { - "name" : "DSA-2892", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2892" - }, - { - "name" : "GLSA-201701-67", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-67" - }, - { - "name" : "openSUSE-SU-2014:0499", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html" - }, - { - "name" : "66660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902" + }, + { + "name": "66660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66660" + }, + { + "name": "GLSA-201701-67", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-67" + }, + { + "name": "openSUSE-SU-2014:0499", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html" + }, + { + "name": "DSA-2892", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2892" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0614.json b/2014/0xxx/CVE-2014-0614.json index 193e6673e4a..2a39e8f2d8a 100644 --- a/2014/0xxx/CVE-2014-0614.json +++ b/2014/0xxx/CVE-2014-0614.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10618", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10618" - }, - { - "name" : "66762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66762" - }, - { - "name" : "1030062", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1030062" - }, - { - "name" : "57819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030062", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1030062" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10618", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10618" + }, + { + "name": "57819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57819" + }, + { + "name": "66762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66762" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0690.json b/2014/0xxx/CVE-2014-0690.json index 734af8e85b6..199264a4c62 100644 --- a/2014/0xxx/CVE-2014-0690.json +++ b/2014/0xxx/CVE-2014-0690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0746.json b/2014/0xxx/CVE-2014-0746.json index 3ecb6011527..9fefa1d3831 100644 --- a/2014/0xxx/CVE-2014-0746.json +++ b/2014/0xxx/CVE-2014-0746.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746" - }, - { - "name" : "1029842", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029842", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029842" + }, + { + "name": "20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1210.json b/2014/1xxx/CVE-2014-1210.json index 67ed5aac1fc..afe07aca70f 100644 --- a/2014/1xxx/CVE-2014-1210.json +++ b/2014/1xxx/CVE-2014-1210.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0003.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1384.json b/2014/1xxx/CVE-2014-1384.json index 380086f4799..ca0fa04f9d8 100644 --- a/2014/1xxx/CVE-2014-1384.json +++ b/2014/1xxx/CVE-2014-1384.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6367", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6367" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "GLSA-201601-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-02" - }, - { - "name" : "69223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69223" - }, - { - "name" : "1030731", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030731" - }, - { - "name" : "61318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61318" - }, - { - "name" : "60705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60705" - }, - { - "name" : "apple-safari-cve20141384-code-exec(95267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69223" + }, + { + "name": "1030731", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030731" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "GLSA-201601-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-02" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "http://support.apple.com/kb/HT6367", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6367" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "61318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61318" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "apple-safari-cve20141384-code-exec(95267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95267" + }, + { + "name": "60705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60705" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1513.json b/2014/1xxx/CVE-2014-1513.json index 595f399d0ba..5e375108f04 100644 --- a/2014/1xxx/CVE-2014-1513.json +++ b/2014/1xxx/CVE-2014-1513.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-31.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=982974", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=982974" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-2881", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2881" - }, - { - "name" : "DSA-2911", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2911" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0310", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0310.html" - }, - { - "name" : "RHSA-2014:0316", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0316.html" - }, - { - "name" : "SUSE-SU-2014:0418", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "openSUSE-SU-2014:0448", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" - }, - { - "name" : "openSUSE-SU-2014:0584", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" - }, - { - "name" : "USN-2151-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2151-1" - }, - { - "name" : "66203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-31.html" + }, + { + "name": "RHSA-2014:0310", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0310.html" + }, + { + "name": "66203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66203" + }, + { + "name": "DSA-2911", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2911" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "SUSE-SU-2014:0418", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2151-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2151-1" + }, + { + "name": "DSA-2881", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2881" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=982974", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=982974" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "RHSA-2014:0316", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0316.html" + }, + { + "name": "openSUSE-SU-2014:0584", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html" + }, + { + "name": "openSUSE-SU-2014:0448", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1589.json b/2014/1xxx/CVE-2014-1589.json index f1c9d0e206d..726321892c5 100644 --- a/2014/1xxx/CVE-2014-1589.json +++ b/2014/1xxx/CVE-2014-1589.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-84.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-84.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1043787", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1043787" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-84.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-84.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1043787", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1043787" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5115.json b/2014/5xxx/CVE-2014-5115.json index f4358a9b6f3..4c518179aef 100644 --- a/2014/5xxx/CVE-2014-5115.json +++ b/2014/5xxx/CVE-2014-5115.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34173", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34173" - }, - { - "name" : "http://packetstormsecurity.com/files/127642/DirPHP-1.0-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127642/DirPHP-1.0-Local-File-Inclusion.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34173", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34173" + }, + { + "name": "http://packetstormsecurity.com/files/127642/DirPHP-1.0-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127642/DirPHP-1.0-Local-File-Inclusion.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5531.json b/2014/5xxx/CVE-2014-5531.json index de8572da465..618b6a2613c 100644 --- a/2014/5xxx/CVE-2014-5531.json +++ b/2014/5xxx/CVE-2014-5531.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#371825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/371825" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#371825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/371825" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5890.json b/2014/5xxx/CVE-2014-5890.json index 50a206cfb96..0b8613f99d8 100644 --- a/2014/5xxx/CVE-2014-5890.json +++ b/2014/5xxx/CVE-2014-5890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#953153", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/953153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#953153", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/953153" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5944.json b/2014/5xxx/CVE-2014-5944.json index e2707a0812f..ec0915dd633 100644 --- a/2014/5xxx/CVE-2014-5944.json +++ b/2014/5xxx/CVE-2014-5944.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#753657", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/753657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#753657", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/753657" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10019.json b/2016/10xxx/CVE-2016-10019.json index 40f3127e0f1..ba160c5c1cb 100644 --- a/2016/10xxx/CVE-2016-10019.json +++ b/2016/10xxx/CVE-2016-10019.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10019", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-10019", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3127.json b/2016/3xxx/CVE-2016-3127.json index 71fa22e3124..d4c8c4f7525 100644 --- a/2016/3xxx/CVE-2016-3127.json +++ b/2016/3xxx/CVE-2016-3127.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@blackberry.com", - "ID" : "CVE-2016-3127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BlackBerry Good Control Server versions earlier than 2.3.53.62", - "version" : { - "version_data" : [ - { - "version_value" : "BlackBerry Good Control Server versions earlier than 2.3.53.62" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@blackberry.com", + "ID": "CVE-2016-3127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BlackBerry Good Control Server versions earlier than 2.3.53.62", + "version": { + "version_data": [ + { + "version_value": "BlackBerry Good Control Server versions earlier than 2.3.53.62" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301" - }, - { - "name" : "96629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96629" + }, + { + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3203.json b/2016/3xxx/CVE-2016-3203.json index e7ca359ecf5..ff86bfacb9b 100644 --- a/2016/3xxx/CVE-2016-3203.json +++ b/2016/3xxx/CVE-2016-3203.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka \"Windows PDF Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-369", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-369" - }, - { - "name" : "MS16-068", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" - }, - { - "name" : "MS16-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-080" - }, - { - "name" : "91086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91086" - }, - { - "name" : "1036099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka \"Windows PDF Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-080" + }, + { + "name": "91086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91086" + }, + { + "name": "1036099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036099" + }, + { + "name": "MS16-068", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-369", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-369" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3707.json b/2016/3xxx/CVE-2016-3707.json index 627ee605dce..f92aebbfbde 100644 --- a/2016/3xxx/CVE-2016-3707.json +++ b/2016/3xxx/CVE-2016-3707.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/17/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327484", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" - }, - { - "name" : "RHSA-2016:1301", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1301" - }, - { - "name" : "RHSA-2016:1341", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1341" - }, - { - "name" : "SUSE-SU-2016:1764", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:1937", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2016:1985", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1341", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1341" + }, + { + "name": "SUSE-SU-2016:1985", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" + }, + { + "name": "RHSA-2016:1301", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1301" + }, + { + "name": "[oss-security] 20160517 CVE-2016-3707 : kernel-rt - Sending SysRq command via ICMP echo request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/17/1" + }, + { + "name": "SUSE-SU-2016:1764", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327484" + }, + { + "name": "SUSE-SU-2016:1937", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3840.json b/2016/3xxx/CVE-2016-3840.json index 46f87d98170..2e79048e481 100644 --- a/2016/3xxx/CVE-2016-3840.json +++ b/2016/3xxx/CVE-2016-3840.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214" - }, - { - "name" : "92229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214" + }, + { + "name": "92229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92229" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4120.json b/2016/4xxx/CVE-2016-4120.json index f73702db0c7..b11757c76c6 100644 --- a/2016/4xxx/CVE-2016-4120.json +++ b/2016/4xxx/CVE-2016-4120.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "GLSA-201606-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-08" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "90618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201606-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-08" + }, + { + "name": "90618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90618" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8223.json b/2016/8xxx/CVE-2016-8223.json index d4ac647072c..f41a4455f49 100644 --- a/2016/8xxx/CVE-2016-8223.json +++ b/2016/8xxx/CVE-2016-8223.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2016-8223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID.", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.66.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lenovo System Interface Foundation Privilege Escalation?" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2016-8223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID.", + "version": { + "version_data": [ + { + "version_value": "1.0.66.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN_10150", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN_10150" - }, - { - "name" : "94597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lenovo System Interface Foundation Privilege Escalation?" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN_10150", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN_10150" + }, + { + "name": "94597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94597" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8663.json b/2016/8xxx/CVE-2016-8663.json index 9d040054334..514541bb0dc 100644 --- a/2016/8xxx/CVE-2016-8663.json +++ b/2016/8xxx/CVE-2016-8663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8663", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8663", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8678.json b/2016/8xxx/CVE-2016-8678.json index b8512029cc7..53fef8ad069 100644 --- a/2016/8xxx/CVE-2016-8678.json +++ b/2016/8xxx/CVE-2016-8678.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says \"This is a Q64 issue and we do not support Q64.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161015 Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/2" - }, - { - "name" : "[oss-security] 20161208 Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/08/18" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/272", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/272" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385694", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385694" - }, - { - "name" : "93599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says \"This is a Q64 issue and we do not support Q64.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385694", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385694" + }, + { + "name": "[oss-security] 20161208 Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/18" + }, + { + "name": "[oss-security] 20161015 Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/2" + }, + { + "name": "93599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93599" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/272", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/272" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9258.json b/2016/9xxx/CVE-2016-9258.json index 7fb7b991f74..7f917a29758 100644 --- a/2016/9xxx/CVE-2016-9258.json +++ b/2016/9xxx/CVE-2016-9258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9258", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9258", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9319.json b/2016/9xxx/CVE-2016-9319.json index 12841866cc7..b62440b2884 100644 --- a/2016/9xxx/CVE-2016-9319.json +++ b/2016/9xxx/CVE-2016-9319.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html", - "refsource" : "MISC", - "url" : "http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html" - }, - { - "name" : "https://success.trendmicro.com/solution/1116973", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1116973" - }, - { - "name" : "97272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97272" + }, + { + "name": "http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html", + "refsource": "MISC", + "url": "http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html" + }, + { + "name": "https://success.trendmicro.com/solution/1116973", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1116973" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9400.json b/2016/9xxx/CVE-2016-9400.json index c8994a23be8..4ef36aa9022 100644 --- a/2016/9xxx/CVE-2016-9400.json +++ b/2016/9xxx/CVE-2016-9400.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-9400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161116 CVE Request: teeworlds: possible remote code execution on teeworlds client", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/16/8" - }, - { - "name" : "[oss-security] 20161117 Re: CVE Request: teeworlds: possible remote code execution on teeworlds client", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/17/8" - }, - { - "name" : "https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62", - "refsource" : "CONFIRM", - "url" : "https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62" - }, - { - "name" : "https://www.teeworlds.com/?page=news&id=12086", - "refsource" : "CONFIRM", - "url" : "https://www.teeworlds.com/?page=news&id=12086" - }, - { - "name" : "FEDORA-2016-7470a63cd1", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/" - }, - { - "name" : "GLSA-201705-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-13" - }, - { - "name" : "94381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-13" + }, + { + "name": "https://www.teeworlds.com/?page=news&id=12086", + "refsource": "CONFIRM", + "url": "https://www.teeworlds.com/?page=news&id=12086" + }, + { + "name": "FEDORA-2016-7470a63cd1", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/" + }, + { + "name": "94381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94381" + }, + { + "name": "[oss-security] 20161116 CVE Request: teeworlds: possible remote code execution on teeworlds client", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/16/8" + }, + { + "name": "[oss-security] 20161117 Re: CVE Request: teeworlds: possible remote code execution on teeworlds client", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/17/8" + }, + { + "name": "https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62", + "refsource": "CONFIRM", + "url": "https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9613.json b/2016/9xxx/CVE-2016-9613.json index b8156ce7d11..2011f6eedde 100644 --- a/2016/9xxx/CVE-2016-9613.json +++ b/2016/9xxx/CVE-2016-9613.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9613", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9613", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9888.json b/2016/9xxx/CVE-2016-9888.json index 286ea04dc64..1b556c88596 100644 --- a/2016/9xxx/CVE-2016-9888.json +++ b/2016/9xxx/CVE-2016-9888.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"tar_directory_for_file()\" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5", - "refsource" : "MISC", - "url" : "https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5" - }, - { - "name" : "https://secunia.com/advisories/71201/", - "refsource" : "MISC", - "url" : "https://secunia.com/advisories/71201/" - }, - { - "name" : "https://secunia.com/secunia_research/2016-17/", - "refsource" : "MISC", - "url" : "https://secunia.com/secunia_research/2016-17/" - }, - { - "name" : "94860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"tar_directory_for_file()\" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secunia.com/advisories/71201/", + "refsource": "MISC", + "url": "https://secunia.com/advisories/71201/" + }, + { + "name": "https://secunia.com/secunia_research/2016-17/", + "refsource": "MISC", + "url": "https://secunia.com/secunia_research/2016-17/" + }, + { + "name": "94860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94860" + }, + { + "name": "https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5", + "refsource": "MISC", + "url": "https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2272.json b/2019/2xxx/CVE-2019-2272.json index f1a24ca824e..81b57fe25ab 100644 --- a/2019/2xxx/CVE-2019-2272.json +++ b/2019/2xxx/CVE-2019-2272.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2272", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2272", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2387.json b/2019/2xxx/CVE-2019-2387.json index d9fb5444d81..0a30e39afd4 100644 --- a/2019/2xxx/CVE-2019-2387.json +++ b/2019/2xxx/CVE-2019-2387.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2387", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2387", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2641.json b/2019/2xxx/CVE-2019-2641.json index c106dbe7a2e..0939729b975 100644 --- a/2019/2xxx/CVE-2019-2641.json +++ b/2019/2xxx/CVE-2019-2641.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2641", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2641", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2686.json b/2019/2xxx/CVE-2019-2686.json index e8454041b37..54462265338 100644 --- a/2019/2xxx/CVE-2019-2686.json +++ b/2019/2xxx/CVE-2019-2686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6042.json b/2019/6xxx/CVE-2019-6042.json index 1fb6e899d89..8077b21fc13 100644 --- a/2019/6xxx/CVE-2019-6042.json +++ b/2019/6xxx/CVE-2019-6042.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6042", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6042", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6138.json b/2019/6xxx/CVE-2019-6138.json index b1fb06f5c0d..83bbb6c23be 100644 --- a/2019/6xxx/CVE-2019-6138.json +++ b/2019/6xxx/CVE-2019-6138.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mz-automation/libiec61850/issues/103", - "refsource" : "MISC", - "url" : "https://github.com/mz-automation/libiec61850/issues/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_memory.c have memory leaks when called from mms/iso_mms/common/mms_value.c, server/mms_mapping/mms_mapping.c, and server/mms_mapping/mms_sv.c (via common/string_utilities.c), as demonstrated by iec61850_9_2_LE_example.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mz-automation/libiec61850/issues/103", + "refsource": "MISC", + "url": "https://github.com/mz-automation/libiec61850/issues/103" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6236.json b/2019/6xxx/CVE-2019-6236.json index 0f03b12e021..745dec41930 100644 --- a/2019/6xxx/CVE-2019-6236.json +++ b/2019/6xxx/CVE-2019-6236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6927.json b/2019/6xxx/CVE-2019-6927.json index dab97cf2f34..1be65a9973d 100644 --- a/2019/6xxx/CVE-2019-6927.json +++ b/2019/6xxx/CVE-2019-6927.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6927", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6927", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7259.json b/2019/7xxx/CVE-2019-7259.json index 5fb908312e4..f06bda7a5a8 100644 --- a/2019/7xxx/CVE-2019-7259.json +++ b/2019/7xxx/CVE-2019-7259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7334.json b/2019/7xxx/CVE-2019-7334.json index 63554a33fe1..927618dd239 100644 --- a/2019/7xxx/CVE-2019-7334.json +++ b/2019/7xxx/CVE-2019-7334.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2443", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2443", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2443" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7847.json b/2019/7xxx/CVE-2019-7847.json index b4fd809513c..6cd6dfe4416 100644 --- a/2019/7xxx/CVE-2019-7847.json +++ b/2019/7xxx/CVE-2019-7847.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7847", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7847", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file