From 3bb35226263ffc4b0c13ab5655c8a67b6c4a43f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:47:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5458.json | 160 +++++++++++++------------- 2006/5xxx/CVE-2006-5586.json | 180 ++++++++++++++--------------- 2006/5xxx/CVE-2006-5628.json | 150 ++++++++++++------------- 2006/5xxx/CVE-2006-5707.json | 200 ++++++++++++++++----------------- 2007/2xxx/CVE-2007-2220.json | 34 +++--- 2007/2xxx/CVE-2007-2321.json | 160 +++++++++++++------------- 2007/2xxx/CVE-2007-2584.json | 200 ++++++++++++++++----------------- 2007/2xxx/CVE-2007-2860.json | 160 +++++++++++++------------- 2007/3xxx/CVE-2007-3280.json | 170 ++++++++++++++-------------- 2007/3xxx/CVE-2007-3497.json | 130 ++++++++++----------- 2007/6xxx/CVE-2007-6584.json | 200 ++++++++++++++++----------------- 2007/6xxx/CVE-2007-6689.json | 160 +++++++++++++------------- 2010/0xxx/CVE-2010-0198.json | 160 +++++++++++++------------- 2010/0xxx/CVE-2010-0672.json | 150 ++++++++++++------------- 2010/1xxx/CVE-2010-1031.json | 170 ++++++++++++++-------------- 2010/1xxx/CVE-2010-1079.json | 140 +++++++++++------------ 2010/1xxx/CVE-2010-1161.json | 170 ++++++++++++++-------------- 2010/1xxx/CVE-2010-1600.json | 180 ++++++++++++++--------------- 2010/1xxx/CVE-2010-1843.json | 180 ++++++++++++++--------------- 2010/5xxx/CVE-2010-5065.json | 130 ++++++++++----------- 2014/0xxx/CVE-2014-0081.json | 190 +++++++++++++++---------------- 2014/0xxx/CVE-2014-0159.json | 170 ++++++++++++++-------------- 2014/0xxx/CVE-2014-0474.json | 180 ++++++++++++++--------------- 2014/0xxx/CVE-2014-0606.json | 34 +++--- 2014/0xxx/CVE-2014-0624.json | 120 ++++++++++---------- 2014/0xxx/CVE-2014-0871.json | 180 ++++++++++++++--------------- 2014/1xxx/CVE-2014-1643.json | 150 ++++++++++++------------- 2014/1xxx/CVE-2014-1935.json | 34 +++--- 2014/4xxx/CVE-2014-4011.json | 150 ++++++++++++------------- 2014/5xxx/CVE-2014-5179.json | 140 +++++++++++------------ 2014/5xxx/CVE-2014-5253.json | 160 +++++++++++++------------- 2014/5xxx/CVE-2014-5387.json | 160 +++++++++++++------------- 2014/5xxx/CVE-2014-5751.json | 140 +++++++++++------------ 2016/10xxx/CVE-2016-10211.json | 140 +++++++++++------------ 2016/10xxx/CVE-2016-10212.json | 140 +++++++++++------------ 2016/10xxx/CVE-2016-10686.json | 122 ++++++++++---------- 2016/3xxx/CVE-2016-3283.json | 140 +++++++++++------------ 2016/3xxx/CVE-2016-3804.json | 120 ++++++++++---------- 2016/3xxx/CVE-2016-3929.json | 130 ++++++++++----------- 2016/8xxx/CVE-2016-8243.json | 34 +++--- 2016/8xxx/CVE-2016-8297.json | 176 ++++++++++++++--------------- 2016/8xxx/CVE-2016-8641.json | 192 +++++++++++++++---------------- 2016/9xxx/CVE-2016-9100.json | 180 ++++++++++++++--------------- 2016/9xxx/CVE-2016-9168.json | 130 ++++++++++----------- 2016/9xxx/CVE-2016-9267.json | 34 +++--- 2016/9xxx/CVE-2016-9995.json | 34 +++--- 2019/2xxx/CVE-2019-2126.json | 34 +++--- 2019/2xxx/CVE-2019-2473.json | 140 +++++++++++------------ 2019/2xxx/CVE-2019-2508.json | 140 +++++++++++------------ 2019/2xxx/CVE-2019-2522.json | 140 +++++++++++------------ 2019/2xxx/CVE-2019-2792.json | 34 +++--- 2019/6xxx/CVE-2019-6014.json | 34 +++--- 2019/6xxx/CVE-2019-6329.json | 34 +++--- 2019/6xxx/CVE-2019-6733.json | 34 +++--- 54 files changed, 3577 insertions(+), 3577 deletions(-) diff --git a/2006/5xxx/CVE-2006-5458.json b/2006/5xxx/CVE-2006-5458.json index 6de0cc70be0..98c8e0fc52e 100644 --- a/2006/5xxx/CVE-2006-5458.json +++ b/2006/5xxx/CVE-2006-5458.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2526", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2526" - }, - { - "name" : "20491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20491" - }, - { - "name" : "ADV-2006-4023", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4023" - }, - { - "name" : "22404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22404" - }, - { - "name" : "phphttopsites-common-file-include(29492)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4023", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4023" + }, + { + "name": "2526", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2526" + }, + { + "name": "phphttopsites-common-file-include(29492)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29492" + }, + { + "name": "20491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20491" + }, + { + "name": "22404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22404" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5586.json b/2006/5xxx/CVE-2006-5586.json index cc73df58539..f3e744bfbc0 100644 --- a/2006/5xxx/CVE-2006-5586.json +++ b/2006/5xxx/CVE-2006-5586.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via \"invalid application window sizes\" in layered application windows, aka the \"GDI Invalid Window Size Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-5586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02206", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466186/100/200/threaded" - }, - { - "name" : "SSRT071354", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466186/100/200/threaded" - }, - { - "name" : "MS07-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017" - }, - { - "name" : "23277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23277" - }, - { - "name" : "ADV-2007-1215", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1215" - }, - { - "name" : "oval:org.mitre.oval:def:1385", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385" - }, - { - "name" : "1017846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via \"invalid application window sizes\" in layered application windows, aka the \"GDI Invalid Window Size Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1215", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1215" + }, + { + "name": "HPSBST02206", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466186/100/200/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1385", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1385" + }, + { + "name": "MS07-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017" + }, + { + "name": "23277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23277" + }, + { + "name": "1017846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017846" + }, + { + "name": "SSRT071354", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466186/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5628.json b/2006/5xxx/CVE-2006-5628.json index ce1394326bc..7887187bebb 100644 --- a/2006/5xxx/CVE-2006-5628.json +++ b/2006/5xxx/CVE-2006-5628.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061027 UNISOR CMS sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449905/100/0/threaded" - }, - { - "name" : "20770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20770" - }, - { - "name" : "1800", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1800" - }, - { - "name" : "unisorcms-login-sql-injection(29855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20770" + }, + { + "name": "20061027 UNISOR CMS sql injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449905/100/0/threaded" + }, + { + "name": "1800", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1800" + }, + { + "name": "unisorcms-login-sql-injection(29855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29855" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5707.json b/2006/5xxx/CVE-2006-5707.json index f2c9f7c37fc..86e4240ca9a 100644 --- a/2006/5xxx/CVE-2006-5707.json +++ b/2006/5xxx/CVE-2006-5707.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061029 PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450052/100/0/threaded" - }, - { - "name" : "20061029 PHPEasyData Pro 2.2.1 (index.php) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450054/100/0/threaded" - }, - { - "name" : "2675", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2675" - }, - { - "name" : "20790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20790" - }, - { - "name" : "ADV-2006-4263", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4263" - }, - { - "name" : "1017137", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017137" - }, - { - "name" : "22616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22616" - }, - { - "name" : "1814", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1814" - }, - { - "name" : "phpeasydata-index-sql-injection(29866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20790" + }, + { + "name": "22616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22616" + }, + { + "name": "1814", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1814" + }, + { + "name": "1017137", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017137" + }, + { + "name": "2675", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2675" + }, + { + "name": "20061029 PHPEasyData Pro 1.4.1 (index.php) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450052/100/0/threaded" + }, + { + "name": "20061029 PHPEasyData Pro 2.2.1 (index.php) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450054/100/0/threaded" + }, + { + "name": "ADV-2006-4263", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4263" + }, + { + "name": "phpeasydata-index-sql-injection(29866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29866" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2220.json b/2007/2xxx/CVE-2007-2220.json index e47e90b2f3e..72880dd23be 100644 --- a/2007/2xxx/CVE-2007-2220.json +++ b/2007/2xxx/CVE-2007-2220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2220", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-2220", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2321.json b/2007/2xxx/CVE-2007-2321.json index 3bb222cad62..356896c35a7 100644 --- a/2007/2xxx/CVE-2007-2321.json +++ b/2007/2xxx/CVE-2007-2321.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.silverstripe.com/silverstripe-2-0-1-released/", - "refsource" : "CONFIRM", - "url" : "http://www.silverstripe.com/silverstripe-2-0-1-released/" - }, - { - "name" : "ADV-2007-1537", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1537" - }, - { - "name" : "35323", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35323" - }, - { - "name" : "24936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24936" - }, - { - "name" : "silverstripe-search-unspecified(33883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.silverstripe.com/silverstripe-2-0-1-released/", + "refsource": "CONFIRM", + "url": "http://www.silverstripe.com/silverstripe-2-0-1-released/" + }, + { + "name": "ADV-2007-1537", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1537" + }, + { + "name": "35323", + "refsource": "OSVDB", + "url": "http://osvdb.org/35323" + }, + { + "name": "silverstripe-search-unspecified(33883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883" + }, + { + "name": "24936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24936" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2584.json b/2007/2xxx/CVE-2007-2584.json index 61109a84c46..472f283e15f 100644 --- a/2007/2xxx/CVE-2007-2584.json +++ b/2007/2xxx/CVE-2007-2584.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070508 McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528" - }, - { - "name" : "http://ts.mcafeehelp.com/faq3.asp?docid=419189", - "refsource" : "CONFIRM", - "url" : "http://ts.mcafeehelp.com/faq3.asp?docid=419189" - }, - { - "name" : "23888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23888" - }, - { - "name" : "23909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23909" - }, - { - "name" : "35874", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35874" - }, - { - "name" : "ADV-2007-1717", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1717" - }, - { - "name" : "1018028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018028" - }, - { - "name" : "25173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25173" - }, - { - "name" : "mcafee-mcsubmgr-activex-bo(34179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018028" + }, + { + "name": "23888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23888" + }, + { + "name": "20070508 McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528" + }, + { + "name": "35874", + "refsource": "OSVDB", + "url": "http://osvdb.org/35874" + }, + { + "name": "25173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25173" + }, + { + "name": "ADV-2007-1717", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1717" + }, + { + "name": "mcafee-mcsubmgr-activex-bo(34179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34179" + }, + { + "name": "23909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23909" + }, + { + "name": "http://ts.mcafeehelp.com/faq3.asp?docid=419189", + "refsource": "CONFIRM", + "url": "http://ts.mcafeehelp.com/faq3.asp?docid=419189" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2860.json b/2007/2xxx/CVE-2007-2860.json index 40065db8264..73e193f6ba4 100644 --- a/2007/2xxx/CVE-2007-2860.json +++ b/2007/2xxx/CVE-2007-2860.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070522 BoastMachine v3.0 platinum - Session Ýd Hacking", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469226/100/0/threaded" - }, - { - "name" : "24096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24096" - }, - { - "name" : "41027", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41027" - }, - { - "name" : "2736", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2736" - }, - { - "name" : "boastmachine-login-user-session-hijacking(34462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41027", + "refsource": "OSVDB", + "url": "http://osvdb.org/41027" + }, + { + "name": "boastmachine-login-user-session-hijacking(34462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34462" + }, + { + "name": "2736", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2736" + }, + { + "name": "24096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24096" + }, + { + "name": "20070522 BoastMachine v3.0 platinum - Session Ýd Hacking", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469226/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3280.json b/2007/3xxx/CVE-2007-3280.json index 1df44245e7f..63900bd31e6 100644 --- a/2007/3xxx/CVE-2007-3280.json +++ b/2007/3xxx/CVE-2007-3280.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070616 Having Fun With PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471541/100/0/threaded" - }, - { - "name" : "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", - "refsource" : "MISC", - "url" : "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt" - }, - { - "name" : "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", - "refsource" : "MISC", - "url" : "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf" - }, - { - "name" : "MDKSA-2007:188", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188" - }, - { - "name" : "40901", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40901" - }, - { - "name" : "postgresql-dblink-command-execution(35145)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt", + "refsource": "MISC", + "url": "http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt" + }, + { + "name": "MDKSA-2007:188", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:188" + }, + { + "name": "40901", + "refsource": "OSVDB", + "url": "http://osvdb.org/40901" + }, + { + "name": "postgresql-dblink-command-execution(35145)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35145" + }, + { + "name": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf", + "refsource": "MISC", + "url": "http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf" + }, + { + "name": "20070616 Having Fun With PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471541/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3497.json b/2007/3xxx/CVE-2007-3497.json index b961090ee8e..2448fd26bd3 100644 --- a/2007/3xxx/CVE-2007-3497.json +++ b/2007/3xxx/CVE-2007-3497.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.0x000000.com/?i=363", - "refsource" : "MISC", - "url" : "http://www.0x000000.com/?i=363" - }, - { - "name" : "38955", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.0x000000.com/?i=363", + "refsource": "MISC", + "url": "http://www.0x000000.com/?i=363" + }, + { + "name": "38955", + "refsource": "OSVDB", + "url": "http://osvdb.org/38955" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6584.json b/2007/6xxx/CVE-2007-6584.json index 7944dabfae3..fe24a72f333 100644 --- a/2007/6xxx/CVE-2007-6584.json +++ b/2007/6xxx/CVE-2007-6584.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4765" - }, - { - "name" : "5434", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5434" - }, - { - "name" : "28753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28753" - }, - { - "name" : "41280", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41280" - }, - { - "name" : "41281", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41281" - }, - { - "name" : "41282", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41282" - }, - { - "name" : "41283", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41283" - }, - { - "name" : "41284", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41284" - }, - { - "name" : "29810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5434", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5434" + }, + { + "name": "4765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4765" + }, + { + "name": "41280", + "refsource": "OSVDB", + "url": "http://osvdb.org/41280" + }, + { + "name": "41283", + "refsource": "OSVDB", + "url": "http://osvdb.org/41283" + }, + { + "name": "41281", + "refsource": "OSVDB", + "url": "http://osvdb.org/41281" + }, + { + "name": "29810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29810" + }, + { + "name": "41282", + "refsource": "OSVDB", + "url": "http://osvdb.org/41282" + }, + { + "name": "41284", + "refsource": "OSVDB", + "url": "http://osvdb.org/41284" + }, + { + "name": "28753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28753" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6689.json b/2007/6xxx/CVE-2007-6689.json index 34cf63d8a3d..7046b9b2967 100644 --- a/2007/6xxx/CVE-2007-6689.json +++ b/2007/6xxx/CVE-2007-6689.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.4_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.4_released" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=203217", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=203217" - }, - { - "name" : "GLSA-200802-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-04.xml" - }, - { - "name" : "41669", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41669" - }, - { - "name" : "28898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gallery.menalto.com/gallery_2.2.4_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.4_released" + }, + { + "name": "GLSA-200802-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-04.xml" + }, + { + "name": "41669", + "refsource": "OSVDB", + "url": "http://osvdb.org/41669" + }, + { + "name": "28898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28898" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=203217", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=203217" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0198.json b/2010/0xxx/CVE-2010-0198.json index f82a334fef8..9b80d7acb0e 100644 --- a/2010/0xxx/CVE-2010-0198.json +++ b/2010/0xxx/CVE-2010-0198.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-0198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" - }, - { - "name" : "TA10-103C", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" - }, - { - "name" : "39329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39329" - }, - { - "name" : "oval:org.mitre.oval:def:7106", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7106" - }, - { - "name" : "ADV-2010-0873", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0873", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0873" + }, + { + "name": "TA10-103C", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" + }, + { + "name": "39329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39329" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html" + }, + { + "name": "oval:org.mitre.oval:def:7106", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7106" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0672.json b/2010/0xxx/CVE-2010-0672.json index 6451f57ab46..4c50f311ab8 100644 --- a/2010/0xxx/CVE-2010-0672.json +++ b/2010/0xxx/CVE-2010-0672.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1002-exploits/wsnguest102-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/wsnguest102-sql.txt" - }, - { - "name" : "11436", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11436" - }, - { - "name" : "38236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38236" - }, - { - "name" : "wsnguest-orderlinks-sql-injection(56256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wsnguest-orderlinks-sql-injection(56256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56256" + }, + { + "name": "38236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38236" + }, + { + "name": "11436", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11436" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/wsnguest102-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/wsnguest102-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1031.json b/2010/1xxx/CVE-2010-1031.json index f1b3dd47231..42c30ec94fa 100644 --- a/2010/1xxx/CVE-2010-1031.json +++ b/2010/1xxx/CVE-2010-1031.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02513", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996888626964&w=2" - }, - { - "name" : "SSRT090110", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126996888626964&w=2" - }, - { - "name" : "39052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39052" - }, - { - "name" : "1023771", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023771" - }, - { - "name" : "39227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39227" - }, - { - "name" : "ADV-2010-0750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39052" + }, + { + "name": "39227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39227" + }, + { + "name": "HPSBMA02513", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996888626964&w=2" + }, + { + "name": "ADV-2010-0750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0750" + }, + { + "name": "1023771", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023771" + }, + { + "name": "SSRT090110", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126996888626964&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1079.json b/2010/1xxx/CVE-2010-1079.json index 1e1ca85dd3d..821252f6417 100644 --- a/2010/1xxx/CVE-2010-1079.json +++ b/2010/1xxx/CVE-2010-1079.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sawmill.net/version_history7.html", - "refsource" : "CONFIRM", - "url" : "http://www.sawmill.net/version_history7.html" - }, - { - "name" : "38387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38387" - }, - { - "name" : "38730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38730" + }, + { + "name": "http://www.sawmill.net/version_history7.html", + "refsource": "CONFIRM", + "url": "http://www.sawmill.net/version_history7.html" + }, + { + "name": "38387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38387" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1161.json b/2010/1xxx/CVE-2010-1161.json index a2695463f45..532e3fecceb 100644 --- a/2010/1xxx/CVE-2010-1161.json +++ b/2010/1xxx/CVE-2010-1161.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Nano-devel] 20100407 New prerelease for security tweaks", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html" - }, - { - "name" : "[oss-security] 20100414 CVE request: GNU nano (minor)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/14/4" - }, - { - "name" : "http://drosenbe.blogspot.com/2010/03/nano-as-root.html", - "refsource" : "MISC", - "url" : "http://drosenbe.blogspot.com/2010/03/nano-as-root.html" - }, - { - "name" : "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup", - "refsource" : "CONFIRM", - "url" : "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup" - }, - { - "name" : "1023891", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023891" - }, - { - "name" : "39444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Nano-devel] 20100407 New prerelease for security tweaks", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html" + }, + { + "name": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup", + "refsource": "CONFIRM", + "url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup" + }, + { + "name": "[oss-security] 20100414 CVE request: GNU nano (minor)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/14/4" + }, + { + "name": "1023891", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023891" + }, + { + "name": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html", + "refsource": "MISC", + "url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html" + }, + { + "name": "39444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39444" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1600.json b/2010/1xxx/CVE-2010-1600.json index 637f957eedc..554db6ab9aa 100644 --- a/2010/1xxx/CVE-2010-1600.json +++ b/2010/1xxx/CVE-2010-1600.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12234", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12234" - }, - { - "name" : "http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt" - }, - { - "name" : "http://www.thefactory.ro/shop/joomla-components/media-mall.html", - "refsource" : "CONFIRM", - "url" : "http://www.thefactory.ro/shop/joomla-components/media-mall.html" - }, - { - "name" : "39488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39488" - }, - { - "name" : "63940", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63940" - }, - { - "name" : "39546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39546" - }, - { - "name" : "mediamall-category-sql-injection(57906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.thefactory.ro/shop/joomla-components/media-mall.html", + "refsource": "CONFIRM", + "url": "http://www.thefactory.ro/shop/joomla-components/media-mall.html" + }, + { + "name": "mediamall-category-sql-injection(57906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57906" + }, + { + "name": "39546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39546" + }, + { + "name": "63940", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63940" + }, + { + "name": "39488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39488" + }, + { + "name": "12234", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12234" + }, + { + "name": "http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1843.json b/2010/1xxx/CVE-2010-1843.json index ff25087fbbf..15a18cb981e 100644 --- a/2010/1xxx/CVE-2010-1843.json +++ b/2010/1xxx/CVE-2010-1843.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "1024723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024723" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024723" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5065.json b/2010/5xxx/CVE-2010-5065.json index f46dca477ab..873815b5188 100644 --- a/2010/5xxx/CVE-2010-5065.json +++ b/2010/5xxx/CVE-2010-5065.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Aug/235" - }, - { - "name" : "http://dmcdonald.net/vwar.txt", - "refsource" : "MISC", - "url" : "http://dmcdonald.net/vwar.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dmcdonald.net/vwar.txt", + "refsource": "MISC", + "url": "http://dmcdonald.net/vwar.txt" + }, + { + "name": "20100822 VWar 1.6.1 R2 Multiple Remote Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Aug/235" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0081.json b/2014/0xxx/CVE-2014-0081.json index a2670750aed..9e86df6c069 100644 --- a/2014/0xxx/CVE-2014-0081.json +++ b/2014/0xxx/CVE-2014-0081.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/18/8" - }, - { - "name" : "[rubyonrails-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" - }, - { - "name" : "RHSA-2014:0215", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0215.html" - }, - { - "name" : "RHSA-2014:0306", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0306.html" - }, - { - "name" : "openSUSE-SU-2014:0295", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" - }, - { - "name" : "65647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65647" - }, - { - "name" : "1029782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029782" - }, - { - "name" : "57376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0215", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" + }, + { + "name": "RHSA-2014:0306", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" + }, + { + "name": "65647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65647" + }, + { + "name": "1029782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029782" + }, + { + "name": "[oss-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/18/8" + }, + { + "name": "openSUSE-SU-2014:0295", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" + }, + { + "name": "57376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57376" + }, + { + "name": "[rubyonrails-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0159.json b/2014/0xxx/CVE-2014-0159.json index e608e1de051..f5645e8b245 100644 --- a/2014/0xxx/CVE-2014-0159.json +++ b/2014/0xxx/CVE-2014-0159.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt", - "refsource" : "CONFIRM", - "url" : "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt" - }, - { - "name" : "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" - }, - { - "name" : "DSA-2899", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2899" - }, - { - "name" : "MDVSA-2014:244", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244" - }, - { - "name" : "57779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57779" - }, - { - "name" : "57832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt", + "refsource": "CONFIRM", + "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt" + }, + { + "name": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" + }, + { + "name": "57779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57779" + }, + { + "name": "MDVSA-2014:244", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244" + }, + { + "name": "57832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57832" + }, + { + "name": "DSA-2899", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2899" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0474.json b/2014/0xxx/CVE-2014-0474.json index 731dbcb61b3..6be9b82d793 100644 --- a/2014/0xxx/CVE-2014-0474.json +++ b/2014/0xxx/CVE-2014-0474.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to \"MySQL typecasting.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-0474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2014/apr/21/security/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2014/apr/21/security/" - }, - { - "name" : "DSA-2934", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2934" - }, - { - "name" : "RHSA-2014:0456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0456.html" - }, - { - "name" : "RHSA-2014:0457", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0457.html" - }, - { - "name" : "openSUSE-SU-2014:1132", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html" - }, - { - "name" : "USN-2169-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2169-1" - }, - { - "name" : "61281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to \"MySQL typecasting.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2169-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2169-1" + }, + { + "name": "https://www.djangoproject.com/weblog/2014/apr/21/security/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2014/apr/21/security/" + }, + { + "name": "RHSA-2014:0457", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0457.html" + }, + { + "name": "61281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61281" + }, + { + "name": "DSA-2934", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2934" + }, + { + "name": "openSUSE-SU-2014:1132", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html" + }, + { + "name": "RHSA-2014:0456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0456.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0606.json b/2014/0xxx/CVE-2014-0606.json index cfc38f086bc..f2ea7941b50 100644 --- a/2014/0xxx/CVE-2014-0606.json +++ b/2014/0xxx/CVE-2014-0606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0606", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0603. Reason: This issue was MERGED into CVE-2014-0603 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0603 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0606", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0603. Reason: This issue was MERGED into CVE-2014-0603 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0603 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0624.json b/2014/0xxx/CVE-2014-0624.json index f15bd9f1932..8ec11367767 100644 --- a/2014/0xxx/CVE-2014-0624.json +++ b/2014/0xxx/CVE-2014-0624.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2014/Mar/8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2014/Mar/8" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0871.json b/2014/0xxx/CVE-2014-0871.json index 9a13a5e245b..2eaacaf7ce5 100644 --- a/2014/0xxx/CVE-2014-0871.json +++ b/2014/0xxx/CVE-2014-0871.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \\x00 character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532598/100/0/threaded" - }, - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/173" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" - }, - { - "name" : "59296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59296" - }, - { - "name" : "ibm-aclm-cve20140871-tomcat(90945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \\x00 character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" + }, + { + "name": "ibm-aclm-cve20140871-tomcat(90945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90945" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded" + }, + { + "name": "59296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59296" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/173" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1643.json b/2014/1xxx/CVE-2014-1643.json index b291a0eb734..74872c80c80 100644 --- a/2014/1xxx/CVE-2014-1643.json +++ b/2014/1xxx/CVE-2014-1643.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-1643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00" - }, - { - "name" : "65300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65300" - }, - { - "name" : "1029729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029729" - }, - { - "name" : "symantec-cve20141643-info-disc(90946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029729" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00" + }, + { + "name": "65300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65300" + }, + { + "name": "symantec-cve20141643-info-disc(90946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1935.json b/2014/1xxx/CVE-2014-1935.json index f709bb39274..73b7e52ce70 100644 --- a/2014/1xxx/CVE-2014-1935.json +++ b/2014/1xxx/CVE-2014-1935.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1935", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1935", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4011.json b/2014/4xxx/CVE-2014-4011.json index 8b1dec3fb09..f8b1fa1dbda 100644 --- a/2014/4xxx/CVE-2014-4011.json +++ b/2014/4xxx/CVE-2014-4011.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/36" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1789569", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1789569" - }, - { - "name" : "67920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67920" + }, + { + "name": "20140606 [Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/36" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "https://service.sap.com/sap/support/notes/1789569", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1789569" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5179.json b/2014/5xxx/CVE-2014-5179.json index 9cd5f9e0fb4..beb50acba1d 100644 --- a/2014/5xxx/CVE-2014-5179.json +++ b/2014/5xxx/CVE-2014-5179.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2308503", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2308503" - }, - { - "name" : "68861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68861" - }, - { - "name" : "freelinking-drupal-casetracker-sec-bypass(94870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freelinking-drupal-casetracker-sec-bypass(94870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94870" + }, + { + "name": "https://www.drupal.org/node/2308503", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2308503" + }, + { + "name": "68861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68861" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5253.json b/2014/5xxx/CVE-2014-5253.json index 7d06039bf62..6d289c5753e 100644 --- a/2014/5xxx/CVE-2014-5253.json +++ b/2014/5xxx/CVE-2014-5253.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140815 [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/08/15/6" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1349597", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/keystone/+bug/1349597" - }, - { - "name" : "RHSA-2014:1121", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1121.html" - }, - { - "name" : "RHSA-2014:1122", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1122.html" - }, - { - "name" : "USN-2324-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2324-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/keystone/+bug/1349597", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/keystone/+bug/1349597" + }, + { + "name": "RHSA-2014:1121", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html" + }, + { + "name": "RHSA-2014:1122", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html" + }, + { + "name": "USN-2324-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2324-1" + }, + { + "name": "[oss-security] 20140815 [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5387.json b/2014/5xxx/CVE-2014-5387.json index 4b3e3d7c1fa..20a027edc03 100644 --- a/2014/5xxx/CVE-2014-5387.json +++ b/2014/5xxx/CVE-2014-5387.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/2" - }, - { - "name" : "https://ellislab.com/expressionengine/user-guide/about/changelog.html", - "refsource" : "MISC", - "url" : "https://ellislab.com/expressionengine/user-guide/about/changelog.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" - }, - { - "name" : "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" - }, - { - "name" : "70875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html" + }, + { + "name": "https://ellislab.com/expressionengine/user-guide/about/changelog.html", + "refsource": "MISC", + "url": "https://ellislab.com/expressionengine/user-guide/about/changelog.html" + }, + { + "name": "70875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70875" + }, + { + "name": "20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/2" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5751.json b/2014/5xxx/CVE-2014-5751.json index fbdd14646c6..0f38983e114 100644 --- a/2014/5xxx/CVE-2014-5751.json +++ b/2014/5xxx/CVE-2014-5751.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#354049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/354049" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#354049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/354049" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10211.json b/2016/10xxx/CVE-2016-10211.json index 7b9f6c6a533..037c9e9a920 100644 --- a/2016/10xxx/CVE-2016-10211.json +++ b/2016/10xxx/CVE-2016-10211.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98f", - "refsource" : "CONFIRM", - "url" : "https://github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98f" - }, - { - "name" : "https://github.com/VirusTotal/yara/issues/575", - "refsource" : "CONFIRM", - "url" : "https://github.com/VirusTotal/yara/issues/575" - }, - { - "name" : "98078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98078" + }, + { + "name": "https://github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98f", + "refsource": "CONFIRM", + "url": "https://github.com/VirusTotal/yara/commit/890c3f850293176c0e996a602ffa88b315f4e98f" + }, + { + "name": "https://github.com/VirusTotal/yara/issues/575", + "refsource": "CONFIRM", + "url": "https://github.com/VirusTotal/yara/issues/575" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10212.json b/2016/10xxx/CVE-2016-10212.json index bb48ea8f550..1f27bdcabe1 100644 --- a/2016/10xxx/CVE-2016-10212.json +++ b/2016/10xxx/CVE-2016-10212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a \"forbidden attack,\" a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nonce-disrespect/nonce-disrespect", - "refsource" : "MISC", - "url" : "https://github.com/nonce-disrespect/nonce-disrespect" - }, - { - "name" : "https://support.radware.com/app/answers/answer_view/a_id/18456", - "refsource" : "CONFIRM", - "url" : "https://support.radware.com/app/answers/answer_view/a_id/18456" - }, - { - "name" : "96172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a \"forbidden attack,\" a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nonce-disrespect/nonce-disrespect", + "refsource": "MISC", + "url": "https://github.com/nonce-disrespect/nonce-disrespect" + }, + { + "name": "https://support.radware.com/app/answers/answer_view/a_id/18456", + "refsource": "CONFIRM", + "url": "https://support.radware.com/app/answers/answer_view/a_id/18456" + }, + { + "name": "96172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96172" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10686.json b/2016/10xxx/CVE-2016-10686.json index 5f95601afd0..0c94a3d52a6 100644 --- a/2016/10xxx/CVE-2016-10686.json +++ b/2016/10xxx/CVE-2016-10686.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "fis-sass-all node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "fis-sass-all node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/287", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/287", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/287" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3283.json b/2016/3xxx/CVE-2016-3283.json index 57b8edc8171..c66182644d3 100644 --- a/2016/3xxx/CVE-2016-3283.json +++ b/2016/3xxx/CVE-2016-3283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-088", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088" - }, - { - "name" : "91592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91592" - }, - { - "name" : "1036274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036274" + }, + { + "name": "91592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91592" + }, + { + "name": "MS16-088", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-088" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3804.json b/2016/3xxx/CVE-2016-3804.json index 1b12b0515fe..2f6e7eebfcd 100644 --- a/2016/3xxx/CVE-2016-3804.json +++ b/2016/3xxx/CVE-2016-3804.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3929.json b/2016/3xxx/CVE-2016-3929.json index 02ad92fd868..0006f47b32c 100644 --- a/2016/3xxx/CVE-2016-3929.json +++ b/2016/3xxx/CVE-2016-3929.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "93333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + }, + { + "name": "93333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93333" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8243.json b/2016/8xxx/CVE-2016-8243.json index d9c7cc3a1fc..64993285d18 100644 --- a/2016/8xxx/CVE-2016-8243.json +++ b/2016/8xxx/CVE-2016-8243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8243", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8243", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8297.json b/2016/8xxx/CVE-2016-8297.json index 0ec19981eef..17145bcb142 100644 --- a/2016/8xxx/CVE-2016-8297.json +++ b/2016/8xxx/CVE-2016-8297.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0" - }, - { - "version_value" : "11.4.0" - }, - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.3" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "11.3.0" + }, + { + "version_value": "11.4.0" + }, + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.3" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95540" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95540" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8641.json b/2016/8xxx/CVE-2016-8641.json index e2d1814934d..82c7c273e89 100644 --- a/2016/8xxx/CVE-2016-8641.json +++ b/2016/8xxx/CVE-2016-8641.json @@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nagios", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.x" - } - ] - } - } - ] - }, - "vendor_name" : "Nagios Enterprises" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-59" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nagios", + "version": { + "version_data": [ + { + "version_value": "4.2.x" + } + ] + } + } + ] + }, + "vendor_name": "Nagios Enterprises" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40774", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40774/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" - }, - { - "name" : "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch", - "refsource" : "CONFIRM", - "url" : "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" - }, - { - "name" : "GLSA-201702-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-26" - }, - { - "name" : "95121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.7/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40774", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40774/" + }, + { + "name": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch", + "refsource": "CONFIRM", + "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" + }, + { + "name": "95121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95121" + }, + { + "name": "GLSA-201702-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-26" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9100.json b/2016/9xxx/CVE-2016-9100.json index f0ed94c2573..baf6c5553d1 100644 --- a/2016/9xxx/CVE-2016-9100.json +++ b/2016/9xxx/CVE-2016-9100.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2016-9100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASG", - "version" : { - "version_data" : [ - { - "version_value" : "6.6 prior to 6.6.5.13" - }, - { - "version_value" : "6.7 prior to 6.7.3.1" - } - ] - } - }, - { - "product_name" : "ProxySG", - "version" : { - "version_data" : [ - { - "version_value" : "6.5 prior to 6.5.10.6" - }, - { - "version_value" : "6.6 prior to 6.6.5.13" - }, - { - "version_value" : "6.7 prior to 6.7.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2016-9100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASG", + "version": { + "version_data": [ + { + "version_value": "6.6 prior to 6.6.5.13" + }, + { + "version_value": "6.7 prior to 6.7.3.1" + } + ] + } + }, + { + "product_name": "ProxySG", + "version": { + "version_data": [ + { + "version_value": "6.5 prior to 6.5.10.6" + }, + { + "version_value": "6.6 prior to 6.6.5.13" + }, + { + "version_value": "6.7 prior to 6.7.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA155", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" - }, - { - "name" : "102454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102454" - }, - { - "name" : "1040138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040138" + }, + { + "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155" + }, + { + "name": "102454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102454" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9168.json b/2016/9xxx/CVE-2016-9168.json index b755926c98d..4ab30fa9d59 100644 --- a/2016/9xxx/CVE-2016-9168.json +++ b/2016/9xxx/CVE-2016-9168.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2016-9168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Novell eDirectory", - "version" : { - "version_data" : [ - { - "version_value" : "Novell eDirectory" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "clickjacking" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-9168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Novell eDirectory", + "version": { + "version_data": [ + { + "version_value": "Novell eDirectory" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7016794", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7016794" - }, - { - "name" : "97320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "clickjacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7016794", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7016794" + }, + { + "name": "97320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97320" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9267.json b/2016/9xxx/CVE-2016-9267.json index c2ccef274df..9461cd2dc95 100644 --- a/2016/9xxx/CVE-2016-9267.json +++ b/2016/9xxx/CVE-2016-9267.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9267", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9267", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9995.json b/2016/9xxx/CVE-2016-9995.json index ee83148af59..a4bb5475060 100644 --- a/2016/9xxx/CVE-2016-9995.json +++ b/2016/9xxx/CVE-2016-9995.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9995", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9995", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2126.json b/2019/2xxx/CVE-2019-2126.json index 7046d2dd208..c1663c7a75d 100644 --- a/2019/2xxx/CVE-2019-2126.json +++ b/2019/2xxx/CVE-2019-2126.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2126", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2126", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2473.json b/2019/2xxx/CVE-2019-2473.json index b213f234bcc..7685f642c11 100644 --- a/2019/2xxx/CVE-2019-2473.json +++ b/2019/2xxx/CVE-2019-2473.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106569" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2508.json b/2019/2xxx/CVE-2019-2508.json index 834f9174a45..851800f5086 100644 --- a/2019/2xxx/CVE-2019-2508.json +++ b/2019/2xxx/CVE-2019-2508.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.24" - }, - { - "version_affected" : "<", - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.24" + }, + { + "version_affected": "<", + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106568" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2522.json b/2019/2xxx/CVE-2019-2522.json index 278af07d6ca..dece9ddaf8e 100644 --- a/2019/2xxx/CVE-2019-2522.json +++ b/2019/2xxx/CVE-2019-2522.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.24" - }, - { - "version_affected" : "<", - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.24" + }, + { + "version_affected": "<", + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106568" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2792.json b/2019/2xxx/CVE-2019-2792.json index f3c775fe07d..62a423e9c19 100644 --- a/2019/2xxx/CVE-2019-2792.json +++ b/2019/2xxx/CVE-2019-2792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2792", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2792", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6014.json b/2019/6xxx/CVE-2019-6014.json index aaf878ee76f..053a37a17a5 100644 --- a/2019/6xxx/CVE-2019-6014.json +++ b/2019/6xxx/CVE-2019-6014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6329.json b/2019/6xxx/CVE-2019-6329.json index 6c8a7390d90..b366e25e7af 100644 --- a/2019/6xxx/CVE-2019-6329.json +++ b/2019/6xxx/CVE-2019-6329.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6329", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6329", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6733.json b/2019/6xxx/CVE-2019-6733.json index 7be155ee5c6..d816828bb86 100644 --- a/2019/6xxx/CVE-2019-6733.json +++ b/2019/6xxx/CVE-2019-6733.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6733", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6733", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file