From 43e23eefcf67dc0c589410076db9cea3dda1106d Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:14:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/5xxx/CVE-2006-5402.json | 190 +++++++++++++--------------
2007/2xxx/CVE-2007-2881.json | 200 ++++++++++++++--------------
2007/2xxx/CVE-2007-2997.json | 180 +++++++++++++-------------
2007/3xxx/CVE-2007-3006.json | 170 ++++++++++++------------
2007/3xxx/CVE-2007-3576.json | 160 +++++++++++------------
2007/3xxx/CVE-2007-3662.json | 150 ++++++++++-----------
2007/3xxx/CVE-2007-3710.json | 140 ++++++++++----------
2007/6xxx/CVE-2007-6193.json | 130 +++++++++----------
2007/6xxx/CVE-2007-6230.json | 140 ++++++++++----------
2007/6xxx/CVE-2007-6356.json | 200 ++++++++++++++--------------
2007/6xxx/CVE-2007-6651.json | 180 +++++++++++++-------------
2010/0xxx/CVE-2010-0136.json | 220 +++++++++++++++----------------
2010/0xxx/CVE-2010-0523.json | 130 +++++++++----------
2010/0xxx/CVE-2010-0685.json | 200 ++++++++++++++--------------
2010/0xxx/CVE-2010-0906.json | 120 ++++++++---------
2010/1xxx/CVE-2010-1124.json | 130 +++++++++----------
2010/1xxx/CVE-2010-1777.json | 140 ++++++++++----------
2010/1xxx/CVE-2010-1907.json | 150 ++++++++++-----------
2014/0xxx/CVE-2014-0503.json | 160 +++++++++++------------
2014/0xxx/CVE-2014-0557.json | 200 ++++++++++++++--------------
2014/0xxx/CVE-2014-0922.json | 140 ++++++++++----------
2014/1xxx/CVE-2014-1374.json | 34 ++---
2014/1xxx/CVE-2014-1859.json | 210 +++++++++++++++---------------
2014/4xxx/CVE-2014-4331.json | 150 ++++++++++-----------
2014/4xxx/CVE-2014-4437.json | 160 +++++++++++------------
2014/4xxx/CVE-2014-4496.json | 190 +++++++++++++--------------
2014/5xxx/CVE-2014-5426.json | 130 +++++++++----------
2014/5xxx/CVE-2014-5464.json | 230 ++++++++++++++++-----------------
2014/5xxx/CVE-2014-5907.json | 140 ++++++++++----------
2016/10xxx/CVE-2016-10096.json | 150 ++++++++++-----------
2016/10xxx/CVE-2016-10280.json | 130 +++++++++----------
2016/3xxx/CVE-2016-3231.json | 150 ++++++++++-----------
2016/3xxx/CVE-2016-3332.json | 140 ++++++++++----------
2016/3xxx/CVE-2016-3351.json | 170 ++++++++++++------------
2016/3xxx/CVE-2016-3950.json | 120 ++++++++---------
2016/7xxx/CVE-2016-7041.json | 212 +++++++++++++++---------------
2016/8xxx/CVE-2016-8270.json | 34 ++---
2016/8xxx/CVE-2016-8489.json | 34 ++---
2016/8xxx/CVE-2016-8638.json | 170 ++++++++++++------------
2016/8xxx/CVE-2016-8737.json | 142 ++++++++++----------
2016/8xxx/CVE-2016-8956.json | 34 ++---
2016/9xxx/CVE-2016-9152.json | 140 ++++++++++----------
2016/9xxx/CVE-2016-9510.json | 34 ++---
2016/9xxx/CVE-2016-9561.json | 130 +++++++++----------
2016/9xxx/CVE-2016-9775.json | 200 ++++++++++++++--------------
2019/2xxx/CVE-2019-2498.json | 196 ++++++++++++++--------------
2019/2xxx/CVE-2019-2642.json | 34 ++---
2019/2xxx/CVE-2019-2655.json | 34 ++---
2019/2xxx/CVE-2019-2717.json | 34 ++---
2019/2xxx/CVE-2019-2955.json | 34 ++---
2019/6xxx/CVE-2019-6270.json | 34 ++---
2019/6xxx/CVE-2019-6395.json | 34 ++---
2019/6xxx/CVE-2019-6597.json | 128 +++++++++---------
53 files changed, 3596 insertions(+), 3596 deletions(-)
diff --git a/2006/5xxx/CVE-2006-5402.json b/2006/5xxx/CVE-2006-5402.json
index 967855f3fe9..5c3f513ac7f 100644
--- a/2006/5xxx/CVE-2006-5402.json
+++ b/2006/5xxx/CVE-2006-5402.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061017 [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116110988829381&w=2" - }, - { - "name" : "20061018 CVE-2006-5402, fishy?", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-October/001087.html" - }, - { - "name" : "20061019 CVE-2006-5402, fishy?", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-October/001088.html" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv55-theday-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv55-theday-2006.txt" - }, - { - "name" : "http://www.sigb.net/patch.php", - "refsource" : "CONFIRM", - "url" : "http://www.sigb.net/patch.php" - }, - { - "name" : "20578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20578" - }, - { - "name" : "ADV-2006-4064", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4064" - }, - { - "name" : "phpmybibli-includepath-file-include(29627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code 
via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061019 CVE-2006-5402, fishy?", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-October/001088.html" + }, + { + "name": "20061017 [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116110988829381&w=2" + }, + { + "name": "20061018 CVE-2006-5402, fishy?", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-October/001087.html" + }, + { + "name": "phpmybibli-includepath-file-include(29627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29627" + }, + { + "name": "20578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20578" + }, + { + "name": "ADV-2006-4064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4064" + }, + { + "name": "http://www.sigb.net/patch.php", + "refsource": "CONFIRM", + "url": "http://www.sigb.net/patch.php" + }, + { + "name": "http://advisories.echo.or.id/adv/adv55-theday-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv55-theday-2006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2881.json b/2007/2xxx/CVE-2007-2881.json index 5fc8135afa6..4cf2420c8b4 100644 --- a/2007/2xxx/CVE-2007-2881.json +++ b/2007/2xxx/CVE-2007-2881.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070525 Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536" - }, - { - "name" : "102927", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1" - }, - { - "name" : "VU#746889", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/746889" - }, - { - "name" : "24165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24165" - }, - { - "name" : "35841", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35841" - }, - { - "name" : "ADV-2007-1957", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2007/1957" - }, - { - "name" : "1018130", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018130" - }, - { - "name" : "25405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25405" - }, - { - "name" : "sun-java-web-socks-bo(34524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1957", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1957" + }, + { + "name": "sun-java-web-socks-bo(34524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34524" + }, + { + "name": "25405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25405" + }, + { + "name": "35841", + "refsource": "OSVDB", + "url": "http://osvdb.org/35841" + }, + { + "name": "VU#746889", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/746889" + }, + { + "name": "102927", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1" + }, + { + "name": "20070525 Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536" + }, + { + "name": "1018130", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018130" + }, + { + 
"name": "24165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24165" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2997.json b/2007/2xxx/CVE-2007-2997.json index 324ce77f7a2..3ccb25c314d 100644 --- a/2007/2xxx/CVE-2007-2997.json +++ b/2007/2xxx/CVE-2007-2997.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating \"We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070529 RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469900/100/0/threaded" - }, - { - "name" : "20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471409/100/0/threaded" - }, - { - "name" : "20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - 
"url" : "http://www.securityfocus.com/archive/1/471415/100/0/threaded" - }, - { - "name" : "24226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24226" - }, - { - "name" : "40145", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40145" - }, - { - "name" : "2758", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2758" - }, - { - "name" : "salesacart-reorder2-sql-injection(34567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating \"We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24226" + }, + { + "name": "salesacart-reorder2-sql-injection(34567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34567" + }, + { + "name": "20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471409/100/0/threaded" + }, + { + "name": "2758", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2758" + }, + { + "name": "40145", + "refsource": "OSVDB", + "url": "http://osvdb.org/40145" + }, + { + "name": "20070529 RedLevel Advisory #23 - SalesCart Shopping Cart 
SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469900/100/0/threaded" + }, + { + "name": "20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471415/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3006.json b/2007/3xxx/CVE-2007-3006.json index b5256e51916..5e808da9698 100644 --- a/2007/3xxx/CVE-2007-3006.json +++ b/2007/3xxx/CVE-2007-3006.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4017", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4017" - }, - { - "name" : "6329", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6329" - }, - { - "name" : "24247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24247" - }, - { - "name" : "43455", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43455" - }, - { - "name" : "31666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31666" - }, - { - "name" : "acoustica-asx-m3u-bo(34647)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34647" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43455", + "refsource": "OSVDB", + "url": "http://osvdb.org/43455" + }, + { + "name": "31666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31666" + }, + { + "name": "6329", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6329" + }, + { + "name": "24247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24247" + }, + { + "name": "acoustica-asx-m3u-bo(34647)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34647" + }, + { + "name": "4017", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4017" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3576.json b/2007/3xxx/CVE-2007-3576.json index 253eadbce98..35e983038f2 100644 --- a/2007/3xxx/CVE-2007-3576.json +++ b/2007/3xxx/CVE-2007-3576.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0" - }, - { - "name" : "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/" - }, - { - "name" : 
"http://sla.ckers.org/forum/read.php?2,13209,13218", - "refsource" : "MISC", - "url" : "http://sla.ckers.org/forum/read.php?2,13209,13218" - }, - { - "name" : "http://www.0x000000.com/?i=375", - "refsource" : "MISC", - "url" : "http://www.0x000000.com/?i=375" - }, - { - "name" : "45813", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0", + "refsource": "MISC", + "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0" + }, + { + "name": "45813", + "refsource": "OSVDB", + "url": "http://osvdb.org/45813" + }, + { + "name": "http://sla.ckers.org/forum/read.php?2,13209,13218", + "refsource": "MISC", + "url": "http://sla.ckers.org/forum/read.php?2,13209,13218" + }, + { + "name": "http://www.0x000000.com/?i=375", + "refsource": "MISC", + "url": "http://www.0x000000.com/?i=375" + }, + { + "name": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/", + "refsource": "MISC", + "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/3xxx/CVE-2007-3662.json b/2007/3xxx/CVE-2007-3662.json
index e3a94d00b4c..441fc2693dc 100644
--- a/2007/3xxx/CVE-2007-3662.json
+++ b/2007/3xxx/CVE-2007-3662.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070707 [Eleytt] 7LIPIEC2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473187" - }, - { - "name" : "20070709 Re: [Eleytt] 7LIPIEC2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473212" - }, - { - "name" : "24830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24830" - }, - { - "name" : "45808", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a 
crafted FLV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070707 [Eleytt] 7LIPIEC2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473187" + }, + { + "name": "45808", + "refsource": "OSVDB", + "url": "http://osvdb.org/45808" + }, + { + "name": "20070709 Re: [Eleytt] 7LIPIEC2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473212" + }, + { + "name": "24830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24830" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3710.json b/2007/3xxx/CVE-2007-3710.json index fc86dbaf4aa..3c196129c50 100644 --- a/2007/3xxx/CVE-2007-3710.json +++ b/2007/3xxx/CVE-2007-3710.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070708 PHP Comet-Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473188/100/0/threaded" - }, - { - "name" : "36150", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36150" - }, - { - "name" : "2876", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2876", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2876" + }, + { + "name": "36150", + "refsource": "OSVDB", + "url": "http://osvdb.org/36150" + }, + { + "name": "20070708 PHP Comet-Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473188/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6193.json b/2007/6xxx/CVE-2007-6193.json index ceed159405c..83c12092b34 100644 --- a/2007/6xxx/CVE-2007-6193.json +++ b/2007/6xxx/CVE-2007-6193.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071126 Citrix NetScaler Web Management Cookie Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484182/100/0/threaded" - }, - { - "name" : "3409", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration 
information if this address is not the same as the address being used by the web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071126 Citrix NetScaler Web Management Cookie Weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484182/100/0/threaded" + }, + { + "name": "3409", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3409" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6230.json b/2007/6xxx/CVE-2007-6230.json index facc74b65db..6ba5bade1c4 100644 --- a/2007/6xxx/CVE-2007-6230.json +++ b/2007/6xxx/CVE-2007-6230.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4685", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4685" - }, - { - "name" : "39694", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39694" - }, - { - "name" : "rayzz-classheaderhandlerlib-file-include(38802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. 
(dot dot) in the CFG[site][project_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4685", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4685" + }, + { + "name": "rayzz-classheaderhandlerlib-file-include(38802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38802" + }, + { + "name": "39694", + "refsource": "OSVDB", + "url": "http://osvdb.org/39694" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6356.json b/2007/6xxx/CVE-2007-6356.json index d348cac9d74..bb13c5c0226 100644 --- a/2007/6xxx/CVE-2007-6356.json +++ b/2007/6xxx/CVE-2007-6356.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=202354", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=202354" - }, - { - "name" : "http://johnst.org/sw/exiftags/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://johnst.org/sw/exiftags/CHANGES" - }, - { - "name" : "DSA-1533", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1533" - }, - { - "name" : "GLSA-200712-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-17.xml" - }, - { - "name" : "26892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26892" - }, - { - "name" : "ADV-2007-4251", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4251" - }, - { - "name" : "28110", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/28110" - }, - { - "name" : "28268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28268" - }, - { - "name" : "29580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29580" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=202354", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=202354" + }, + { + "name": "28110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28110" + }, + { + "name": "DSA-1533", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1533" + }, + { + "name": "28268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28268" + }, + { + "name": "GLSA-200712-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-17.xml" + }, + { + "name": "ADV-2007-4251", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4251" + }, + { + "name": "http://johnst.org/sw/exiftags/CHANGES", + "refsource": "CONFIRM", + "url": "http://johnst.org/sw/exiftags/CHANGES" + }, + { + "name": "26892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26892" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6651.json b/2007/6xxx/CVE-2007-6651.json index b2aff93274d..5de814dd19a 100644 --- a/2007/6xxx/CVE-2007-6651.json 
+++ b/2007/6xxx/CVE-2007-6651.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071230 Bitweaver source code disclosure, arbitrary file upload", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485642/100/0/threaded" - }, - { - "name" : "4814", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4814" - }, - { - "name" : "http://www.bugreport.ir/?/24", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/?/24" - }, - { - "name" : "27081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27081" - }, - { - "name" : "39915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39915" - }, - { - "name" : "28300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28300" - }, - { - "name" : 
"bitweaver-edit-information-disclosure(39322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071230 Bitweaver source code disclosure, arbitrary file upload", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485642/100/0/threaded" + }, + { + "name": "27081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27081" + }, + { + "name": "28300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28300" + }, + { + "name": "39915", + "refsource": "OSVDB", + "url": "http://osvdb.org/39915" + }, + { + "name": "bitweaver-edit-information-disclosure(39322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39322" + }, + { + "name": "http://www.bugreport.ir/?/24", + "refsource": "MISC", + "url": "http://www.bugreport.ir/?/24" + }, + { + "name": "4814", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4814" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0136.json b/2010/0xxx/CVE-2010-0136.json index db50bf91b5f..e26de338401 100644 --- a/2010/0xxx/CVE-2010-0136.json +++ b/2010/0xxx/CVE-2010-0136.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-openoffice] 20100212 ./packages/openofficeorg/3.1.1/unstable r1866: merge 1:3.1.1-15+squeeze1", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html" - }, - { - "name" : "DSA-1995", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1995" - }, - { - "name" : "MDVSA-2010:221", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" - }, - { - "name" : "SUSE-SA:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" - }, - { - "name" : "USN-903-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-903-1" - }, - { - "name" : "38245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38245" - }, - { - "name" : "1023588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023588" - }, - { - "name" : "38695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38695" - }, - { - "name" : "38921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38921" - }, - { - "name" : "ADV-2010-0635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0635" - }, - { - "name" : "ADV-2010-2905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:221", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" + }, + { + "name": "38695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38695" + }, + { + "name": "DSA-1995", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1995" + }, + { + "name": "1023588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023588" + }, + { + "name": "USN-903-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-903-1" + }, + { + "name": "SUSE-SA:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" + }, + { + "name": "[debian-openoffice] 20100212 ./packages/openofficeorg/3.1.1/unstable r1866: merge 1:3.1.1-15+squeeze1", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html" + }, + { + "name": "ADV-2010-0635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0635" + }, + { + "name": "38245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38245" + }, + { + "name": "38921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38921" + }, + { + "name": "ADV-2010-2905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2905" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0523.json b/2010/0xxx/CVE-2010-0523.json index 3389d300658..a27445477f2 100644 --- a/2010/0xxx/CVE-2010-0523.json +++ b/2010/0xxx/CVE-2010-0523.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated 
by a Java applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0685.json b/2010/0xxx/CVE-2010-0685.json index cdcc1e5398e..0733a6afbf7 100644 --- a/2010/0xxx/CVE-2010-0685.json +++ b/2010/0xxx/CVE-2010-0685.json 
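Review bot: `ASSIGNER` changes here from `cve@mitre.org` to `product-security@apple.com`, yet the `affects` block on the new side still has `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so the record names a vendor CNA while offering nothing structured to match on. Tooling that correlates records with an asset inventory through `affects` will miss this entry even though the description names Apple Mac OS X 10.5.8. The CVE-2010-0906 (`secalert_us@oracle.com`) and CVE-2010-1777 (`product-security@apple.com`) hunks have the same gap. If the sync source carries vendor and product data, populating it in the same pass (for example `"vendor_name": "Apple"`) would close the gap; otherwise consumers need to fall back to the description text.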
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100218 AST-2010-002: Dialplan injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509608/100/0/threaded" - }, - { - "name" : "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt", - "refsource" : "MISC", - "url" : "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2010-002.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2010-002.html" - }, - { - "name" : "FEDORA-2010-3724", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" - }, - { - "name" : "1023637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023637" - }, - { - "name" : "38641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38641" - }, - { - "name" : "39096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39096" - }, - { - "name" : "ADV-2010-0439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0439" - }, - { - "name" : "asterisk-dial-weak-security(56397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt", + "refsource": "MISC", + "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt" + }, + { + "name": "39096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39096" + }, + { + "name": "1023637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023637" + }, + { + "name": "FEDORA-2010-3724", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" + }, + { + "name": "20100218 AST-2010-002: Dialplan injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded" + }, + { + "name": "38641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38641" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2010-002.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2010-002.html" + }, + { + "name": "ADV-2010-0439", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0439" + }, + { + "name": "asterisk-dial-weak-security(56397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0906.json b/2010/0xxx/CVE-2010-0906.json index b3946ad3638..8a50a14e0eb 100644 --- a/2010/0xxx/CVE-2010-0906.json +++ b/2010/0xxx/CVE-2010-0906.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1124.json b/2010/1xxx/CVE-2010-1124.json index 07ac76e6665..87cb270abd7 100644 --- a/2010/1xxx/CVE-2010-1124.json +++ b/2010/1xxx/CVE-2010-1124.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on \"systems with databases cataloged with alternate servers using IP addresses.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IZ66710", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66710" - }, - { - "name" : "38964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent 
attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on \"systems with databases cataloged with alternate servers using IP addresses.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IZ66710", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66710" + }, + { + "name": "38964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38964" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1777.json b/2010/1xxx/CVE-2010-1777.json index 09d68ed3587..8840dde18c0 100644 --- a/2010/1xxx/CVE-2010-1777.json +++ b/2010/1xxx/CVE-2010-1777.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4263", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4263" - }, - { - "name" : "APPLE-SA-2010-07-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:6988", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service 
(application crash) via a crafted itpc: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6988", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6988" + }, + { + "name": "APPLE-SA-2010-07-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4263", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4263" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1907.json b/2010/1xxx/CVE-2010-1907.json index 182e78afde9..d2fe862e156 100644 --- a/2010/1xxx/CVE-2010-1907.json +++ b/2010/1xxx/CVE-2010-1907.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511176/100/0/threaded" - }, - { - "name" : "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html", - "refsource" : "MISC", - "url" : "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html" - }, - { - "name" : "http://www.wintercore.com/downloads/rootedcon_0day.pdf", - "refsource" : "MISC", - "url" : 
"http://www.wintercore.com/downloads/rootedcon_0day.pdf" - }, - { - "name" : "VU#602801", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/602801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#602801", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/602801" + }, + { + "name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html", + "refsource": "MISC", + "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html" + }, + { + "name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf", + "refsource": "MISC", + "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf" + }, + { + "name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0503.json b/2014/0xxx/CVE-2014-0503.json index ce9ec52318f..0bae4b9a1d9 100644 --- a/2014/0xxx/CVE-2014-0503.json +++ b/2014/0xxx/CVE-2014-0503.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" - }, - { - "name" : "GLSA-201405-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml" - }, - { - "name" : "RHSA-2014:0289", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0289.html" - }, - { - "name" : "openSUSE-SU-2014:0379", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" - }, - { - "name" : "SUSE-SU-2014:0387", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0379", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" + }, + { + "name": "SUSE-SU-2014:0387", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" + }, + { + "name": "GLSA-201405-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml" + }, + { + "name": "RHSA-2014:0289", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0557.json b/2014/0xxx/CVE-2014-0557.json index 2c50d4c21b8..9f603942025 100644 --- a/2014/0xxx/CVE-2014-0557.json +++ b/2014/0xxx/CVE-2014-0557.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" - }, - { - "name" : "GLSA-201409-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-05.xml" - }, - { - "name" : "SUSE-SU-2014:1124", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" - }, - { - "name" : 
"openSUSE-SU-2014:1110", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" - }, - { - "name" : "openSUSE-SU-2014:1130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" - }, - { - "name" : "69701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69701" - }, - { - "name" : "1030822", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030822" - }, - { - "name" : "61089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61089" - }, - { - "name" : "adobe-flash-cve20140557-sec-bypass(95827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201409-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-05.xml" + }, + { + "name": "61089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61089" + }, + { + "name": "openSUSE-SU-2014:1130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" + }, + { + "name": "69701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69701" + }, + { + "name": "openSUSE-SU-2014:1110", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" + }, + { + "name": "SUSE-SU-2014:1124", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" + }, + { + "name": "adobe-flash-cve20140557-sec-bypass(95827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95827" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" + }, + { + "name": "1030822", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030822" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0922.json b/2014/0xxx/CVE-2014-0922.json index 357f52f9129..1944c96fa0d 100644 --- a/2014/0xxx/CVE-2014-0922.json +++ b/2014/0xxx/CVE-2014-0922.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" - }, - { - "name" : "IC98692", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692" - }, - { - "name" : "ibm-messagesight-cve20140922-dos(92075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via 
WebSockets MQ Telemetry Transport (MQTT) data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-messagesight-cve20140922-dos(92075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92075" + }, + { + "name": "IC98692", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1374.json b/2014/1xxx/CVE-2014-1374.json index 231fb89bc24..088517109e6 100644 --- a/2014/1xxx/CVE-2014-1374.json +++ b/2014/1xxx/CVE-2014-1374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1374", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1374", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1859.json b/2014/1xxx/CVE-2014-1859.json index b85f38588e6..f148dac21f3 100644 
--- a/2014/1xxx/CVE-2014-1859.json
+++ b/2014/1xxx/CVE-2014-1859.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" - }, - { - "name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" - }, - { - "name" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", - "refsource" : "CONFIRM", - "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" - }, - { - "name" : "https://github.com/numpy/numpy/pull/4262", - "refsource" : "CONFIRM", - "url" : "https://github.com/numpy/numpy/pull/4262" - }, - { - "name" : "FEDORA-2014-2289", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" - }, - { - "name" : "FEDORA-2014-2387", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" - }, - { - "name" : "65440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65440" - }, - { - "name" : "numpy-cve20141859-symlink(91317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-2387", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" + }, + { + "name": "65440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65440" + }, + { + "name": "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", + "refsource": "CONFIRM", + "url": "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" + }, + { + "name": "https://github.com/numpy/numpy/pull/4262", + "refsource": "CONFIRM", + "url": "https://github.com/numpy/numpy/pull/4262" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" + }, + { + "name": "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", + "refsource": "CONFIRM", + "url": "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" + }, + { + "name": "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/08/3" + }, + { + "name": "FEDORA-2014-2289", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" + }, + { + "name": "numpy-cve20141859-symlink(91317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4331.json b/2014/4xxx/CVE-2014-4331.json index e7d6e4f9e13..a8fe7efec30 100644 
--- a/2014/4xxx/CVE-2014-4331.json
+++ b/2014/4xxx/CVE-2014-4331.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140709 CVE-2014-4331 OctavoCMS reflected XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532701/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html" - }, - { - "name" : "20140719 OctavoCMS (CVE-2014-4331) is not always site-specific", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2014-July/002773.html" - }, - { - "name" : "68469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68469" + }, + { + "name": "20140709 CVE-2014-4331 OctavoCMS reflected XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532701/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html" + }, + { + "name": "20140719 OctavoCMS (CVE-2014-4331) is not always site-specific", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2014-July/002773.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4437.json b/2014/4xxx/CVE-2014-4437.json index 01d23933046..4dbdf9816f3 100644 --- a/2014/4xxx/CVE-2014-4437.json +++ b/2014/4xxx/CVE-2014-4437.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6535", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6535" - }, - { - "name" : "APPLE-SA-2014-10-16-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" - }, - { - "name" : "70627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70627" - }, - { - "name" : "1031063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031063" - }, - { - "name" : "macosx-cve20144437-sec-bypass(97631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-10-16-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" + }, + { + "name": "1031063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031063" + }, + { + "name": "https://support.apple.com/kb/HT6535", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6535" + }, + { + "name": "macosx-cve20144437-sec-bypass(97631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97631" + }, + { + "name": "70627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70627" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4496.json b/2014/4xxx/CVE-2014-4496.json index c2601ad874f..6671b037fdb 100644 --- a/2014/4xxx/CVE-2014-4496.json +++ b/2014/4xxx/CVE-2014-4496.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204245", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204245" - }, - { - "name" : "http://support.apple.com/HT204246", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204246" - }, - { - "name" : "https://support.apple.com/HT204413", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204413" - }, - { - "name" : "APPLE-SA-2015-01-27-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-01-27-2", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-03-09-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" - }, - { - "name" : "72334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72334" - }, - { - "name" : "1031652", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/HT204245", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204245" + }, + { + "name": "http://support.apple.com/HT204246", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204246" + }, + { + "name": "72334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72334" + }, + { + "name": "APPLE-SA-2015-03-09-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" + }, + { + "name": "APPLE-SA-2015-01-27-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" + }, + { + "name": "1031652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031652" + }, + { + "name": "https://support.apple.com/HT204413", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204413" + }, + { + "name": 
"APPLE-SA-2015-01-27-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5426.json b/2014/5xxx/CVE-2014-5426.json index c0ba0b091aa..9b54af557a8 100644 --- a/2014/5xxx/CVE-2014-5426.json +++ b/2014/5xxx/CVE-2014-5426.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01" - }, - { - "name" : "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01", - "refsource" : "CONFIRM", - "url" : "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled 
exception and DNP3 process crash) via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01", + "refsource": "CONFIRM", + "url": "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5464.json b/2014/5xxx/CVE-2014-5464.json index c951c862166..d4499dee1da 100644 --- a/2014/5xxx/CVE-2014-5464.json +++ b/2014/5xxx/CVE-2014-5464.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140825 ntopng 1.2.0 XSS injection using monitored network traffic", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533222/100/0/threaded" - }, - { - "name" : "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533332/100/0/threaded" - }, - { - "name" : "34419", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34419" - }, - { - "name" : "20140825 ntopng 1.2.0 XSS injection using monitored network traffic", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Aug/65" - }, - { - "name" : "20140903 Re: ntopng 1.2.0 XSS injection 
using monitored network traffic", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/22" - }, - { - "name" : "20140909 Re: ntopng 1.2.0 XSS injection using monitored network traffic", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/28" - }, - { - "name" : "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/", - "refsource" : "CONFIRM", - "url" : "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/" - }, - { - "name" : "69385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69385" - }, - { - "name" : "110437", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/110437" - }, - { - "name" : "60096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60096" - }, - { - "name" : "ntopng-httpheader-xss(95461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533332/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html" + }, + { + "name": "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/", + "refsource": "CONFIRM", + "url": "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/" + }, + { + "name": "20140909 Re: ntopng 1.2.0 XSS injection using monitored network traffic", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/28" + }, + { + "name": "ntopng-httpheader-xss(95461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95461" + }, + { + "name": "60096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60096" + }, + { + "name": "110437", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/110437" + }, + { + "name": "20140825 ntopng 1.2.0 XSS injection using monitored network traffic", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Aug/65" + }, + { + "name": "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/22" + }, + { + "name": "34419", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34419" + }, + { + "name": "69385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69385" + }, + { + "name": "20140825 ntopng 1.2.0 XSS injection using monitored network traffic", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/533222/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5907.json b/2014/5xxx/CVE-2014-5907.json index c7b9d91a9bf..a511442d2bd 100644 --- a/2014/5xxx/CVE-2014-5907.json +++ b/2014/5xxx/CVE-2014-5907.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#549057", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/549057" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pet Salon (aka com.libiitech.petsalon) 
application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#549057", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/549057" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10096.json b/2016/10xxx/CVE-2016-10096.json index 0bb842f4e4b..0ae4012479e 100644 --- a/2016/10xxx/CVE-2016-10096.json +++ b/2016/10xxx/CVE-2016-10096.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hackersb.cn/shenji/107.html", - "refsource" : "MISC", - "url" : "http://www.hackersb.cn/shenji/107.html" - }, - { - "name" : "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f" - }, - { - "name" : "https://github.com/semplon/GeniXCMS/issues/58", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/issues/58" - }, - { - "name" : "95172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hackersb.cn/shenji/107.html", + "refsource": "MISC", + "url": "http://www.hackersb.cn/shenji/107.html" + }, + { + "name": "95172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95172" + }, + { + "name": "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f" + }, + { + "name": "https://github.com/semplon/GeniXCMS/issues/58", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/issues/58" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10280.json b/2016/10xxx/CVE-2016-10280.json index 00122e7cb65..61ddc52e616 100644 --- a/2016/10xxx/CVE-2016-10280.json +++ b/2016/10xxx/CVE-2016-10280.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98157" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3231.json b/2016/3xxx/CVE-2016-3231.json index e41895762f2..b9278dbf4c2 100644 --- a/2016/3xxx/CVE-2016-3231.json +++ b/2016/3xxx/CVE-2016-3231.json 
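Review bot: `ASSIGNER` in the CVE-2016-10280 hunk moves from `security@google.com` to `security@android.com` while `vendor_name` stays `Google Inc.`, and the commit subject does not record why. Consumers that route, filter or attribute records by assigner address will see this record change owner on sync, so the reassignment deserves a line in the commit body, for example `Update ASSIGNER to the owning CNA's contact address; descriptions and references unchanged` (if that holds for the whole sync). The other hunks in view that replace `cve@mitre.org` with Apple, ICS-CERT, CERT/CC and Microsoft addresses would be covered by the same line.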
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Diagnostics Hub Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-372", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-372" - }, - { - "name" : "MS16-078", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-078" - }, - { - "name" : "91116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91116" - }, - { - "name" : "1036105", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Diagnostics Hub Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-078", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-078" + }, + { + "name": "1036105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036105" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-372", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-372" + }, + { + "name": "91116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91116" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3332.json b/2016/3xxx/CVE-2016-3332.json index f0e613a415e..01e457f06f7 100644 --- a/2016/3xxx/CVE-2016-3332.json +++ b/2016/3xxx/CVE-2016-3332.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" - }, - { - "name" : "94008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94008" - }, - { - "name" : "1037252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037252" + }, + { + "name": "MS16-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" + }, + { + "name": "94008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94008" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3351.json b/2016/3xxx/CVE-2016-3351.json index 29006ce8982..b669db06cac 100644 --- a/2016/3xxx/CVE-2016-3351.json +++ b/2016/3xxx/CVE-2016-3351.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/", - "refsource" : "MISC", - "url" : "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/" - }, - { - "name" : "MS16-104", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" - }, - { - "name" : "MS16-105", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" - }, - { - "name" : "92788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92788" - }, - { - "name" : "1036788", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036788" - }, - { - "name" : "1036789", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036789" + }, + { + "name": "92788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92788" + }, + { + "name": "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/", + "refsource": "MISC", + "url": "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/" + }, + { + "name": "MS16-104", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" + }, + { + "name": "MS16-105", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" + }, + { + "name": "1036788", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036788" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3950.json b/2016/3xxx/CVE-2016-3950.json index 9689b2faff8..3dcd9720285 100644 --- a/2016/3xxx/CVE-2016-3950.json +++ b/2016/3xxx/CVE-2016-3950.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7041.json b/2016/7xxx/CVE-2016-7041.json index d3f02c5b0d0..95946b6c5e0 100644 --- a/2016/7xxx/CVE-2016-7041.json +++ b/2016/7xxx/CVE-2016-7041.json 
@@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2016-7041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drools Workbench", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "6.8/AV:N/AC:L/Au:S/C:C/I:N/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drools Workbench", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041" - }, - { - "name" : "RHSA-2016:2822", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2822.html" - }, - { - "name" : "RHSA-2016:2823", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2823.html" - }, - { - "name" : 
"RHSA-2016:2937", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2937.html" - }, - { - "name" : "RHSA-2016:2938", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2938.html" - }, - { - "name" : "94566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94566" - }, - { - "name" : "1037406", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "6.8/AV:N/AC:L/Au:S/C:C/I:N/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2937", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2937.html" + }, + { + "name": "RHSA-2016:2938", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2938.html" + }, + { + "name": "94566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94566" + }, + { + "name": "RHSA-2016:2822", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2822.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041" + }, + { + "name": "1037406", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037406" + }, + { + "name": 
"RHSA-2016:2823", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2823.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8270.json b/2016/8xxx/CVE-2016-8270.json index 38f017a3f0e..0b0f2f55b3e 100644 --- a/2016/8xxx/CVE-2016-8270.json +++ b/2016/8xxx/CVE-2016-8270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8270", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8270", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8489.json b/2016/8xxx/CVE-2016-8489.json index ae5312cbfe7..8fdef94bad8 100644 --- a/2016/8xxx/CVE-2016-8489.json +++ b/2016/8xxx/CVE-2016-8489.json 
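Review bot: Both `vectorString` values under `impact.cvss` carry the base score as a prefix (`6.5/CVSS:3.0/AV:N/...` and `6.8/AV:N/AC:L/...`), so neither is a well-formed CVSS vector; a v3.0 vector starts with `CVSS:3.0/`. The commit only re-indents these lines and leaves the values unchanged. A consumer that passes the string to a CVSS parser will either reject it or have to strip the prefix by hand. Carrying the score in its own field, e.g. `"baseScore": 6.5` next to `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`, would avoid that. Since this file is synchronized data, the correction presumably belongs in the upstream record.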
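Review bot: The new side of this REJECT record is written in a different key order from the other records in the same commit: `data_type`, `data_format`, `data_version` come first and `CVE_data_meta` lists `ID` before `ASSIGNER`, where the PUBLIC and RESERVED records keep alphabetical keys. A JSON parser does not care, but two key orders in one sync suggest two writers or code paths. That makes textual diffs, and any hash or signature computed over the file bytes, unstable from one sync to the next. Sorting keys in a single serializer would fix this. The CVE-2016-8489 and CVE-2016-9510 hunks have the same ordering.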
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8489", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10242. Reason: This candidate is a reservation duplicate of CVE-2016-10242. Notes: All CVE users should reference CVE-2016-10242 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8489", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10242. Reason: This candidate is a reservation duplicate of CVE-2016-10242. Notes: All CVE users should reference CVE-2016-10242 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8638.json b/2016/8xxx/CVE-2016-8638.json index c80eee1ad4c..98bb47ab96f 100644 --- a/2016/8xxx/CVE-2016-8638.json +++ b/2016/8xxx/CVE-2016-8638.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638" - }, - { - "name" : "https://ipsilon-project.org/advisory/CVE-2016-8638.txt", - "refsource" : "CONFIRM", - "url" : "https://ipsilon-project.org/advisory/CVE-2016-8638.txt" - }, - { - "name" : "https://ipsilon-project.org/release/2.1.0.html", - "refsource" : "CONFIRM", - "url" : "https://ipsilon-project.org/release/2.1.0.html" - }, - { - "name" : 
"https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c", - "refsource" : "CONFIRM", - "url" : "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c" - }, - { - "name" : "RHSA-2016:2809", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2809.html" - }, - { - "name" : "94439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ipsilon-project.org/release/2.1.0.html", + "refsource": "CONFIRM", + "url": "https://ipsilon-project.org/release/2.1.0.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638" + }, + { + "name": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c", + "refsource": "CONFIRM", + "url": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c" + }, + { + "name": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt", + "refsource": "CONFIRM", + "url": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt" + }, + { + "name": "94439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94439" + }, + { + "name": "RHSA-2016:2809", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2016-2809.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8737.json b/2016/8xxx/CVE-2016-8737.json index 2782fd2c7e6..b11c717108d 100644 --- a/2016/8xxx/CVE-2016-8737.json +++ b/2016/8xxx/CVE-2016-8737.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-02-10T00:00:00", - "ID" : "CVE-2016-8737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Brooklyn", - "version" : { - "version_data" : [ - { - "version_value" : "0.9.0 and all prior versions" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-02-10T00:00:00", + "ID": "CVE-2016-8737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Brooklyn", + "version": { + "version_data": [ + { + "version_value": "0.9.0 and all prior versions" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20170210 [SECURITY] CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953@%3Cdev.brooklyn.apache.org%3E" - }, - { - "name" : "https://brooklyn.apache.org/community/security/CVE-2016-8737.html", - "refsource" : "CONFIRM", - "url" : "https://brooklyn.apache.org/community/security/CVE-2016-8737.html" - }, - { - "name" : "96228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://brooklyn.apache.org/community/security/CVE-2016-8737.html", + "refsource": "CONFIRM", + "url": "https://brooklyn.apache.org/community/security/CVE-2016-8737.html" + }, + { + "name": "96228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96228" + }, + { + "name": "[dev] 20170210 [SECURITY] CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953@%3Cdev.brooklyn.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8956.json b/2016/8xxx/CVE-2016-8956.json index 464abcd3281..bab5dec6976 100644 --- a/2016/8xxx/CVE-2016-8956.json +++ b/2016/8xxx/CVE-2016-8956.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9152.json b/2016/9xxx/CVE-2016-9152.json index b85123e8f37..d69b053022c 100644 --- a/2016/9xxx/CVE-2016-9152.json +++ b/2016/9xxx/CVE-2016-9152.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.spip.net/projects/spip/repository/revisions/23290", - "refsource" : "CONFIRM", - "url" : "https://core.spip.net/projects/spip/repository/revisions/23290" - }, - { - "name" : "94658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94658" - }, - { - "name" : "1037392", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94658" + }, + { + "name": "1037392", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037392" + }, + { + "name": "https://core.spip.net/projects/spip/repository/revisions/23290", + "refsource": "CONFIRM", + "url": "https://core.spip.net/projects/spip/repository/revisions/23290" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9510.json b/2016/9xxx/CVE-2016-9510.json index b8bc24bd6a9..ff57fb0391a 100644 --- a/2016/9xxx/CVE-2016-9510.json +++ b/2016/9xxx/CVE-2016-9510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9510", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9561.json b/2016/9xxx/CVE-2016-9561.json index 8d9d0a295f7..09f757fd349 100644 --- a/2016/9xxx/CVE-2016-9561.json +++ b/2016/9xxx/CVE-2016-9561.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161208 [CVE-2016-9561] ffmpeg crashes on decoding MOV file", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/08/1" - }, - { - "name" : "94756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161208 [CVE-2016-9561] ffmpeg crashes on decoding MOV file", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/1" + }, + { + "name": "94756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94756" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9775.json b/2016/9xxx/CVE-2016-9775.json index fff876dde2d..02ee5e86436 100644 --- a/2016/9xxx/CVE-2016-9775.json +++ b/2016/9xxx/CVE-2016-9775.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/5" - }, - { - "name" : "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/10" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180731-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180731-0002/" - }, - { - "name" : "DSA-3738", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3738" - }, - { - "name" : "DSA-3739", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3739" - }, - { - "name" : "USN-3177-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3177-1" - }, - { - "name" : "USN-3177-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3177-2" - }, - { - "name" : "94643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3177-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3177-2" + }, + { + "name": "94643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94643" + }, + { + "name": "DSA-3739", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3739" + }, + { + "name": "DSA-3738", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3738" + }, + { + "name": "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/5" + }, + { + "name": "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/10" + }, + { + "name": "USN-3177-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3177-1" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385", + "refsource": 
"CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180731-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180731-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2498.json b/2019/2xxx/CVE-2019-2498.json index 89ef0ce5281..9ef05d4bd67 100644 --- a/2019/2xxx/CVE-2019-2498.json +++ b/2019/2xxx/CVE-2019-2498.json 
@@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Partner Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - }, - { - "version_affected" : "=", - "version_value" : "12.2.8" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. 
CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Partner Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + }, + { + "version_affected": "=", + "version_value": "12.2.8" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106620" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2642.json b/2019/2xxx/CVE-2019-2642.json index f56a9748874..52d74d1064f 100644 --- a/2019/2xxx/CVE-2019-2642.json +++ b/2019/2xxx/CVE-2019-2642.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2642", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2642", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/2xxx/CVE-2019-2655.json b/2019/2xxx/CVE-2019-2655.json index b53339b2d06..97056d29aca 100644 --- a/2019/2xxx/CVE-2019-2655.json +++ b/2019/2xxx/CVE-2019-2655.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2655", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2655", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2717.json b/2019/2xxx/CVE-2019-2717.json index 32c7c22f559..58f2dd328bf 100644 --- a/2019/2xxx/CVE-2019-2717.json +++ b/2019/2xxx/CVE-2019-2717.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2955.json b/2019/2xxx/CVE-2019-2955.json index 3921014d06b..043c750b599 100644 --- a/2019/2xxx/CVE-2019-2955.json +++ b/2019/2xxx/CVE-2019-2955.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2955", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2955", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6270.json b/2019/6xxx/CVE-2019-6270.json index 865769df3f7..ccb08b6a32b 100644 --- a/2019/6xxx/CVE-2019-6270.json +++ b/2019/6xxx/CVE-2019-6270.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6395.json b/2019/6xxx/CVE-2019-6395.json index 32beba0fb4a..f0f5a1bf061 100644 --- a/2019/6xxx/CVE-2019-6395.json +++ b/2019/6xxx/CVE-2019-6395.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6597.json b/2019/6xxx/CVE-2019-6597.json index 1bb1c15f573..f99165ba273 100644 --- a/2019/6xxx/CVE-2019-6597.json +++ b/2019/6xxx/CVE-2019-6597.json 
@@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2019-03-11T00:00:00", - "ID" : "CVE-2019-6597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator); Enterprise Manager", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8" - }, - { - "version_value" : "EM 3.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2019-03-11T00:00:00", + "ID": "CVE-2019-6597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator); Enterprise Manager", + "version": { + "version_data": [ + { + "version_value": "13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8" + }, + { + "version_value": "EM 3.1.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K29280193", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K29280193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K29280193", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K29280193" + } + ] + } +} \ No newline at end of file