From 44f6dc8b2d4e938d47eac722e780ebd9acbf902a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:01:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/1xxx/CVE-2006-1344.json | 180 ++++++++++---------- 2006/5xxx/CVE-2006-5479.json | 120 ++++++------- 2006/5xxx/CVE-2006-5522.json | 140 +++++++-------- 2006/5xxx/CVE-2006-5634.json | 190 ++++++++++----------- 2006/5xxx/CVE-2006-5852.json | 160 +++++++++--------- 2006/5xxx/CVE-2006-5904.json | 130 +++++++------- 2007/2xxx/CVE-2007-2026.json | 240 +++++++++++++------------- 2007/2xxx/CVE-2007-2091.json | 160 +++++++++--------- 2007/2xxx/CVE-2007-2683.json | 270 ++++++++++++++--------------- 2007/2xxx/CVE-2007-2819.json | 150 ++++++++--------- 2007/3xxx/CVE-2007-3028.json | 200 +++++++++++----------- 2007/3xxx/CVE-2007-3054.json | 150 ++++++++--------- 2007/6xxx/CVE-2007-6204.json | 220 ++++++++++++------------ 2007/6xxx/CVE-2007-6324.json | 150 ++++++++--------- 2010/0xxx/CVE-2010-0211.json | 300 ++++++++++++++++----------------- 2010/0xxx/CVE-2010-0563.json | 170 +++++++++---------- 2010/0xxx/CVE-2010-0659.json | 210 +++++++++++------------ 2010/1xxx/CVE-2010-1096.json | 140 +++++++-------- 2010/1xxx/CVE-2010-1423.json | 200 +++++++++++----------- 2010/1xxx/CVE-2010-1455.json | 290 +++++++++++++++---------------- 2010/1xxx/CVE-2010-1699.json | 34 ++-- 2010/4xxx/CVE-2010-4709.json | 190 ++++++++++----------- 2010/5xxx/CVE-2010-5202.json | 130 +++++++------- 2010/5xxx/CVE-2010-5325.json | 180 ++++++++++---------- 2014/0xxx/CVE-2014-0327.json | 120 ++++++------- 2014/0xxx/CVE-2014-0717.json | 34 ++-- 2014/0xxx/CVE-2014-0732.json | 130 +++++++------- 2014/10xxx/CVE-2014-10001.json | 160 +++++++++--------- 2014/1xxx/CVE-2014-1476.json | 160 +++++++++--------- 2014/1xxx/CVE-2014-1719.json | 170 +++++++++---------- 2014/1xxx/CVE-2014-1993.json | 140 +++++++-------- 2014/4xxx/CVE-2014-4292.json | 130 +++++++------- 2014/4xxx/CVE-2014-4951.json | 34 ++-- 2014/5xxx/CVE-2014-5090.json | 120 ++++++------- 2014/5xxx/CVE-2014-5162.json | 180 ++++++++++---------- 2014/5xxx/CVE-2014-5712.json | 140 +++++++-------- 2014/5xxx/CVE-2014-5738.json | 140 +++++++-------- 2016/3xxx/CVE-2016-3042.json | 140 +++++++-------- 2016/3xxx/CVE-2016-3064.json | 140 +++++++-------- 2016/3xxx/CVE-2016-3133.json | 34 ++-- 2016/3xxx/CVE-2016-3303.json | 150 ++++++++--------- 2016/3xxx/CVE-2016-3679.json | 180 ++++++++++---------- 2016/7xxx/CVE-2016-7851.json | 150 ++++++++--------- 2016/8xxx/CVE-2016-8043.json | 34 ++-- 2016/8xxx/CVE-2016-8587.json | 130 +++++++------- 2016/9xxx/CVE-2016-9045.json | 122 +++++++------- 2016/9xxx/CVE-2016-9288.json | 140 +++++++-------- 2016/9xxx/CVE-2016-9700.json | 216 ++++++++++++------------ 2016/9xxx/CVE-2016-9884.json | 34 ++-- 2016/9xxx/CVE-2016-9968.json | 34 ++-- 2019/2xxx/CVE-2019-2004.json | 34 ++-- 2019/2xxx/CVE-2019-2259.json | 34 ++-- 2019/2xxx/CVE-2019-2343.json | 34 ++-- 2019/2xxx/CVE-2019-2934.json | 34 ++-- 2019/2xxx/CVE-2019-2937.json | 34 ++-- 2019/6xxx/CVE-2019-6949.json | 34 ++-- 56 files changed, 3835 insertions(+), 3835 deletions(-) diff --git a/2006/1xxx/CVE-2006-1344.json b/2006/1xxx/CVE-2006-1344.json index fe451d342f2..0b5c6ea0ceb 100644 --- a/2006/1xxx/CVE-2006-1344.json +++ b/2006/1xxx/CVE-2006-1344.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060320 CORE-2006-0124: Cross-Site Scripting in Verisign?s haydn.exe CGI script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428267/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10" - }, - { - "name" : "17170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17170" - }, - { - "name" : "ADV-2006-1084", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1084" - }, - { - "name" : "1015813", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015813" - }, - { - "name" : "614", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/614" - }, - { - "name" : "verisign-haydn-xss(25349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17170" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=522&idxseccion=10" + }, + { + "name": "ADV-2006-1084", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1084" + }, + { + "name": "verisign-haydn-xss(25349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25349" + }, + { + "name": "614", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/614" + }, + { + "name": "20060320 CORE-2006-0124: Cross-Site Scripting in Verisign?s haydn.exe CGI script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428267/100/0/threaded" + }, + { + "name": "1015813", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015813" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5479.json b/2006/5xxx/CVE-2006-5479.json index 4cd71d37e7b..039fcec756e 100644 --- a/2006/5xxx/CVE-2006-5479.json +++ b/2006/5xxx/CVE-2006-5479.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain \"NCP Fragment.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain \"NCP Fragment.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5522.json b/2006/5xxx/CVE-2006-5522.json index 49a528ee0b0..5ce6a3ca690 100644 --- a/2006/5xxx/CVE-2006-5522.json +++ b/2006/5xxx/CVE-2006-5522.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2607", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2607" - }, - { - "name" : "20659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20659" - }, - { - "name" : "kawf-main-file-include(29709)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20659" + }, + { + "name": "kawf-main-file-include(29709)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29709" + }, + { + "name": "2607", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2607" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5634.json b/2006/5xxx/CVE-2006-5634.json index 02022b573eb..421e927788b 100644 --- a/2006/5xxx/CVE-2006-5634.json +++ b/2006/5xxx/CVE-2006-5634.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2688", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2688" - }, - { - "name" : "20819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20819" - }, - { - "name" : "ADV-2006-4274", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4274" - }, - { - "name" : "30136", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=30136" - }, - { - "name" : "30138", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30138" - }, - { - "name" : "30137", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30137" - }, - { - "name" : "22644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22644" - }, - { - "name" : "phpprofiles-reqpath-file-include(29900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30138", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30138" + }, + { + "name": "20819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20819" + }, + { + "name": "30137", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30137" + }, + { + "name": "ADV-2006-4274", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4274" + }, + { + "name": "2688", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2688" + }, + { + "name": "phpprofiles-reqpath-file-include(29900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29900" + }, + { + "name": "22644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22644" + }, + { + "name": "30136", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=30136" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5852.json b/2006/5xxx/CVE-2006-5852.json index 0d444222848..ea3ec3b513d 100644 --- a/2006/5xxx/CVE-2006-5852.json +++ b/2006/5xxx/CVE-2006-5852.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116296717330758&w=2" - }, - { - "name" : "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt" - }, - { - "name" : "2738", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2738" - }, - { - "name" : "ADV-2006-4404", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4404" - }, - { - "name" : "22742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22742" + }, + { + "name": "ADV-2006-4404", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4404" + }, + { + "name": "2738", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2738" + }, + { + "name": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt" + }, + { + "name": "20081108 [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116296717330758&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5904.json b/2006/5xxx/CVE-2006-5904.json index 8da6bf35b77..280a06fced6 100644 --- a/2006/5xxx/CVE-2006-5904.json +++ b/2006/5xxx/CVE-2006-5904.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061103 MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450693/100/0/threaded" - }, - { - "name" : "1849", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061103 MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450693/100/0/threaded" + }, + { + "name": "1849", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1849" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2026.json b/2007/2xxx/CVE-2007-2026.json index 0e5c098cbbe..a09caf84d65 100644 --- a/2007/2xxx/CVE-2007-2026.json +++ b/2007/2xxx/CVE-2007-2026.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070524 FLEA-2007-0022-1: file", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469520/30/6420/threaded" - }, - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user", - "refsource" : "MISC", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=174217", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=174217" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1311", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1311" - }, - { - "name" : "http://www.amavis.org/security/asa-2007-3.txt", - "refsource" : "CONFIRM", - "url" : "http://www.amavis.org/security/asa-2007-3.txt" - }, - { - "name" : "GLSA-200704-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml" - }, - { - "name" : "MDKSA-2007:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114" - }, - { - "name" : "24146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24146" - }, - { - "name" : "ADV-2007-2071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2071" - }, - { - "name" : "24918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24918" - }, - { - "name" : "25394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25394" - }, - { - "name" : "25544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25544" - }, - { - "name" : "25578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=174217", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=174217" + }, + { + "name": "24918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24918" + }, + { + "name": "GLSA-200704-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200704-13.xml" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user", + "refsource": "MISC", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40foxx.lsit.ucsb.edu&forum_name=amavis-user" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1311", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1311" + }, + { + "name": "http://www.amavis.org/security/asa-2007-3.txt", + "refsource": "CONFIRM", + "url": "http://www.amavis.org/security/asa-2007-3.txt" + }, + { + "name": "25544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25544" + }, + { + "name": "MDKSA-2007:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114" + }, + { + "name": "25578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25578" + }, + { + "name": "20070524 FLEA-2007-0022-1: file", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded" + }, + { + "name": "ADV-2007-2071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2071" + }, + { + "name": "25394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25394" + }, + { + "name": "24146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24146" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2091.json b/2007/2xxx/CVE-2007-2091.json index c8c0bca5178..8822bcf2b1c 100644 --- a/2007/2xxx/CVE-2007-2091.json +++ b/2007/2xxx/CVE-2007-2091.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3750", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3750" - }, - { - "name" : "23518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23518" - }, - { - "name" : "ADV-2007-1424", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1424" - }, - { - "name" : "37413", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37413" - }, - { - "name" : "xoops-tsdisplay4xoopsblock2-file-include(33695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23518" + }, + { + "name": "3750", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3750" + }, + { + "name": "37413", + "refsource": "OSVDB", + "url": "http://osvdb.org/37413" + }, + { + "name": "xoops-tsdisplay4xoopsblock2-file-include(33695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33695" + }, + { + "name": "ADV-2007-1424", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1424" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2683.json b/2007/2xxx/CVE-2007-2683.json index ff2d3258866..5c0a7120a07 100644 --- a/2007/2xxx/CVE-2007-2683.json +++ b/2007/2xxx/CVE-2007-2683.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"&\" characters in the GECOS field, which triggers the overflow during alias expansion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.mutt.org/trac/ticket/2885", - "refsource" : "MISC", - "url" : "http://dev.mutt.org/trac/ticket/2885" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1391", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1391" - }, - { - "name" : "MDKSA-2007:113", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113" - }, - { - "name" : "RHSA-2007:0386", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0386.html" - }, - { - "name" : "2007-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0024/" - }, - { - "name" : "24192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24192" - }, - { - "name" : "34973", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34973" - }, - { - "name" : "oval:org.mitre.oval:def:10543", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543" - }, - { - "name" : "1018066", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018066" - }, - { - "name" : "25408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25408" - }, - { - "name" : "25529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25529" - }, - { - "name" : "25515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25515" - }, - { - "name" : "25546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25546" - }, - { - "name" : "26415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26415" - }, - { - "name" : "mutt-gecos-bo(34441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"&\" characters in the GECOS field, which triggers the overflow during alias expansion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25529" + }, + { + "name": "1018066", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018066" + }, + { + "name": "2007-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0024/" + }, + { + "name": "26415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26415" + }, + { + "name": "http://dev.mutt.org/trac/ticket/2885", + "refsource": "MISC", + "url": "http://dev.mutt.org/trac/ticket/2885" + }, + { + "name": "25408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25408" + }, + { + "name": "34973", + "refsource": "OSVDB", + "url": "http://osvdb.org/34973" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890" + }, + { + "name": "oval:org.mitre.oval:def:10543", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543" + }, + { + "name": "25546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25546" + }, + { + "name": "25515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25515" + }, + { + "name": "mutt-gecos-bo(34441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441" + }, + { + "name": "MDKSA-2007:113", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113" + }, + { + "name": "RHSA-2007:0386", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" + }, + { + "name": "24192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24192" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1391", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1391" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2819.json b/2007/2xxx/CVE-2007-2819.json index 59722176561..fba69570d17 100644 --- a/2007/2xxx/CVE-2007-2819.json +++ b/2007/2xxx/CVE-2007-2819.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html" - }, - { - "name" : "24060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24060" - }, - { - "name" : "37525", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37525" - }, - { - "name" : "track+-reportitem-xss(34391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "track+-reportitem-xss(34391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34391" + }, + { + "name": "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html" + }, + { + "name": "37525", + "refsource": "OSVDB", + "url": "http://osvdb.org/37525" + }, + { + "name": "24060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24060" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3028.json b/2007/3xxx/CVE-2007-3028.json index fd857c43e04..5345b176785 100644 --- a/2007/3xxx/CVE-2007-3028.json +++ b/2007/3xxx/CVE-2007-3028.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check \"the number of convertible attributes\", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to \"client sent LDAP request logic,\" aka \"Windows Active Directory Denial of Service Vulnerability\". NOTE: this is probably a different issue than CVE-2007-0040." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-3028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT071446", - "refsource" : "HP", - "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" - }, - { - "name" : "MS07-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" - }, - { - "name" : "TA07-191A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" - }, - { - "name" : "VU#348953", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/348953" - }, - { - "name" : "24796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24796" - }, - { - "name" : "ADV-2007-2481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2481" - }, - { - "name" : "oval:org.mitre.oval:def:1856", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1856" - }, - { - "name" : "1018355", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018355" - }, - { - "name" : "26002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check \"the number of convertible attributes\", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to \"client sent LDAP request logic,\" aka \"Windows Active Directory Denial of Service Vulnerability\". NOTE: this is probably a different issue than CVE-2007-0040." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT071446", + "refsource": "HP", + "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" + }, + { + "name": "24796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24796" + }, + { + "name": "1018355", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018355" + }, + { + "name": "26002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26002" + }, + { + "name": "ADV-2007-2481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2481" + }, + { + "name": "TA07-191A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" + }, + { + "name": "VU#348953", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/348953" + }, + { + "name": "MS07-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" + }, + { + "name": "oval:org.mitre.oval:def:1856", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1856" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3054.json b/2007/3xxx/CVE-2007-3054.json index ab29fefebe3..4a6df778671 100644 --- a/2007/3xxx/CVE-2007-3054.json +++ b/2007/3xxx/CVE-2007-3054.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24296" - }, - { - "name" : "36412", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36412" - }, - { - "name" : "25517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25517" - }, - { - "name" : "linker-index-search-xss(34695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36412", + "refsource": "OSVDB", + "url": "http://osvdb.org/36412" + }, + { + "name": "linker-index-search-xss(34695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34695" + }, + { + "name": "24296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24296" + }, + { + "name": "25517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25517" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6204.json b/2007/6xxx/CVE-2007-6204.json index 089104bb6ab..671816e13bb 100644 --- a/2007/6xxx/CVE-2007-6204.json +++ b/2007/6xxx/CVE-2007-6204.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071206 ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484704/100/0/threaded" - }, - { - "name" : "4724", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4724" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html" - }, - { - "name" : "HPSBMA02281", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923" - }, - { - "name" : "SSRT061261", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923" - }, - { - "name" : "26741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26741" - }, - { - "name" : "ADV-2007-4111", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4111" - }, - { - "name" : "1019055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019055" - }, - { - "name" : "27964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27964" - }, - { - "name" : "3441", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3441" - }, - { - "name" : "hpopenview-nnm-unspecified-code-execution(38892)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26741" + }, + { + "name": "ADV-2007-4111", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4111" + }, + { + "name": "27964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27964" + }, + { + "name": "HPSBMA02281", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923" + }, + { + "name": "4724", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4724" + }, + { + "name": "3441", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3441" + }, + { + "name": "SSRT061261", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01188923" + }, + { + "name": "1019055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019055" + }, + { + "name": "hpopenview-nnm-unspecified-code-execution(38892)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38892" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-071.html" + }, + { + "name": "20071206 ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484704/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6324.json b/2007/6xxx/CVE-2007-6324.json index aca0d173025..424ddebd6e1 100644 --- a/2007/6xxx/CVE-2007-6324.json +++ b/2007/6xxx/CVE-2007-6324.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4726", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4726" - }, - { - "name" : "26848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26848" - }, - { - "name" : "28058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28058" - }, - { - "name" : "citywriter-head-file-include(39012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4726", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4726" + }, + { + "name": "citywriter-head-file-include(39012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39012" + }, + { + "name": "28058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28058" + }, + { + "name": "26848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26848" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0211.json b/2010/0xxx/CVE-2010-0211.json index f67e3037460..1530e1053e7 100644 --- a/2010/0xxx/CVE-2010-0211.json +++ b/2010/0xxx/CVE-2010-0211.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2010-0211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515545/100/0/threaded" - }, - { - "name" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570", - "refsource" : "CONFIRM", - "url" : "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201406-36", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-36.xml" - }, - { - "name" : "RHSA-2010:0542", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0542.html" - }, - { - "name" : "RHSA-2010:0543", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0543.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "41770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41770" - }, - { - "name" : "1024221", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024221" - }, - { - "name" : "40639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40639" - }, - { - "name" : "40677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40677" - }, - { - "name" : "40687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40687" - }, - { - "name" : "42787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42787" - }, - { - "name" : "ADV-2010-1849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1849" - }, - { - "name" : "ADV-2010-1858", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1858" - }, - { - "name" : "ADV-2011-0025", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024221", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024221" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "GLSA-201406-36", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml" + }, + { + "name": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570", + "refsource": "CONFIRM", + "url": "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" + }, + { + "name": "ADV-2010-1858", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1858" + }, + { + "name": "40677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40677" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "ADV-2010-1849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1849" + }, + { + "name": "41770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41770" + }, + { + "name": "RHSA-2010:0542", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0542.html" + }, + { + "name": "40687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40687" + }, + { + "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "RHSA-2010:0543", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "40639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40639" + }, + { + "name": "42787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42787" + }, + { + "name": "ADV-2011-0025", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0025" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0563.json b/2010/0xxx/CVE-2010-0563.json index 844d9138e58..d13a88a9eeb 100644 --- a/2010/0xxx/CVE-2010-0563.json +++ b/2010/0xxx/CVE-2010-0563.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21417839", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21417839" - }, - { - "name" : "PM00610", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610" - }, - { - "name" : "38122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38122" - }, - { - "name" : "62140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/62140" - }, - { - "name" : "1023551", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023551" - }, - { - "name" : "38425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023551", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023551" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839" + }, + { + "name": "PM00610", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610" + }, + { + "name": "38122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38122" + }, + { + "name": "38425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38425" + }, + { + "name": "62140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/62140" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0659.json b/2010/0xxx/CVE-2010-0659.json index f5c29dffe29..524e2537714 100644 --- a/2010/0xxx/CVE-2010-0659.json +++ b/2010/0xxx/CVE-2010-0659.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=28566", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=28566" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" - }, - { - "name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", - "refsource" : "CONFIRM", - "url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" - }, - { - "name" : "http://trac.webkit.org/changeset/52833", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/52833" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=33231", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=33231" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:14079", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14079" - }, - { - "name" : "1023506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023506" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://trac.webkit.org/changeset/52833", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/52833" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=33231", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=33231" + }, + { + "name": "1023506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023506" + }, + { + "name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs", + "refsource": "CONFIRM", + "url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=28566", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=28566" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:14079", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14079" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1096.json b/2010/1xxx/CVE-2010-1096.json index 7b80b0a1a98..95ee49f9fbc 100644 --- a/2010/1xxx/CVE-2010-1096.json +++ b/2010/1xxx/CVE-2010-1096.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "62627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62627" - }, - { - "name" : "38767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38767" - }, - { - "name" : "ADV-2010-0493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38767" + }, + { + "name": "ADV-2010-0493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0493" + }, + { + "name": "62627", + "refsource": "OSVDB", + "url": "http://osvdb.org/62627" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1423.json b/2010/1xxx/CVE-2010-1423.json index e535977336e..5e35c50a932 100644 --- a/2010/1xxx/CVE-2010-1423.json +++ b/2010/1xxx/CVE-2010-1423.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html" - }, - { - "name" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1" - }, - { - "name" : "VU#886582", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/886582" - }, - { - "name" : "63648", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63648" - }, - { - "name" : "oval:org.mitre.oval:def:14090", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090" - }, - { - "name" : "1023840", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023840" - }, - { - "name" : "39260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39260" - }, - { - "name" : "ADV-2010-0853", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0853" - }, - { - "name" : "jre-toolkit-command-execution(57615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1", + "refsource": "MISC", + "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1" + }, + { + "name": "1023840", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023840" + }, + { + "name": "63648", + "refsource": "OSVDB", + "url": "http://osvdb.org/63648" + }, + { + "name": "20100409 Java Deployment Toolkit Performs Insufficient Validation of Parameters", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html" + }, + { + "name": "39260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39260" + }, + { + "name": "jre-toolkit-command-execution(57615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57615" + }, + { + "name": "VU#886582", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/886582" + }, + { + "name": "oval:org.mitre.oval:def:14090", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14090" + }, + { + "name": "ADV-2010-0853", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0853" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1455.json b/2010/1xxx/CVE-2010-1455.json index e125b37a508..017657c9425 100644 --- a/2010/1xxx/CVE-2010-1455.json +++ b/2010/1xxx/CVE-2010-1455.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100507 Re: CVE Assignment (wireshark)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/07/7" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-03.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2010-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2010-04.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646" - }, - { - "name" : "MDVSA-2010:099", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:099" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "39950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39950" - }, - { - "name" : "64363", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64363" - }, - { - "name" : "oval:org.mitre.oval:def:7331", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7331" - }, - { - "name" : "39661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39661" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1081" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "wireshark-docsis-dos(58362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "39950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39950" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644" + }, + { + "name": "39661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39661" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-03.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2010-04.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2010-04.html" + }, + { + "name": "ADV-2010-1081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1081" + }, + { + "name": "MDVSA-2010:099", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:099" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "wireshark-docsis-dos(58362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58362" + }, + { + "name": "[oss-security] 20100507 Re: CVE Assignment (wireshark)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/07/7" + }, + { + "name": "64363", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64363" + }, + { + "name": "oval:org.mitre.oval:def:7331", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7331" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1699.json b/2010/1xxx/CVE-2010-1699.json index 6d855bf8fc6..07af16be69d 100644 --- a/2010/1xxx/CVE-2010-1699.json +++ b/2010/1xxx/CVE-2010-1699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1699", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-1699", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4709.json b/2010/4xxx/CVE-2010-4709.json index 35a1b293b95..2c22a4a9605 100644 --- a/2010/4xxx/CVE-2010-4709.json +++ b/2010/4xxx/CVE-2010-4709.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16040", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16040" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf" - }, - { - "name" : "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm", - "refsource" : "CONFIRM", - "url" : "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm" - }, - { - "name" : "VU#768840", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768840" - }, - { - "name" : "45974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45974" - }, - { - "name" : "43029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43029" - }, - { - "name" : "ADV-2011-0209", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0209" - }, - { - "name" : "modbus-modbus-bo(64944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "modbus-modbus-bo(64944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64944" + }, + { + "name": "45974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45974" + }, + { + "name": "VU#768840", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768840" + }, + { + "name": "ADV-2011-0209", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0209" + }, + { + "name": "43029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43029" + }, + { + "name": "16040", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16040" + }, + { + "name": "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm", + "refsource": "CONFIRM", + "url": "http://automatedsolutions.com/pub/asmbtcpopc/readme.htm" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5202.json b/2010/5xxx/CVE-2010-5202.json index d06aa28e4eb..eeb4bc13f91 100644 --- a/2010/5xxx/CVE-2010-5202.json +++ b/2010/5xxx/CVE-2010-5202.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/" - }, - { - "name" : "41308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/", + "refsource": "MISC", + "url": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/" + }, + { + "name": "41308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41308" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5325.json b/2010/5xxx/CVE-2010-5325.json index eea68d3e2e5..5019ef8b50c 100644 --- a/2010/5xxx/CVE-2010-5325.json +++ b/2010/5xxx/CVE-2010-5325.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/15/1" - }, - { - "name" : "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/15/7" - }, - { - "name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog" - }, - { - "name" : "https://bugs.linuxfoundation.org/show_bug.cgi?id=515", - "refsource" : "CONFIRM", - "url" : "https://bugs.linuxfoundation.org/show_bug.cgi?id=515" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218297", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218297" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "RHSA-2016:0491", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0491.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog", + "refsource": "CONFIRM", + "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog" + }, + { + "name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515", + "refsource": "CONFIRM", + "url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515" + }, + { + "name": "RHSA-2016:0491", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html" + }, + { + "name": "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/15/1" + }, + { + "name": "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/15/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0327.json b/2014/0xxx/CVE-2014-0327.json index df787a29e4e..33e0a3f808f 100644 --- a/2014/0xxx/CVE-2014-0327.json +++ b/2014/0xxx/CVE-2014-0327.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#578598", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/578598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#578598", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/578598" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0717.json b/2014/0xxx/CVE-2014-0717.json index 3e937d8cb9f..b68f9e164c5 100644 --- a/2014/0xxx/CVE-2014-0717.json +++ b/2014/0xxx/CVE-2014-0717.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0732.json b/2014/0xxx/CVE-2014-0732.json index 59aa4f88541..865603e7b22 100644 --- a/2014/0xxx/CVE-2014-0732.json +++ b/2014/0xxx/CVE-2014-0732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913" - }, - { - "name" : "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913" + }, + { + "name": "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10001.json b/2014/10xxx/CVE-2014-10001.json index 8802a7f8349..e1fa450fd0f 100644 --- a/2014/10xxx/CVE-2014-10001.json +++ b/2014/10xxx/CVE-2014-10001.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30911", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30911" - }, - { - "name" : "http://packetstormsecurity.com/files/124755", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124755" - }, - { - "name" : "56377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56377" - }, - { - "name" : "appointmentscheduler-index-csrf(90420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90420" - }, - { - "name" : "appointmentscheduler-index-xss(90419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30911", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30911" + }, + { + "name": "appointmentscheduler-index-xss(90419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90419" + }, + { + "name": "56377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56377" + }, + { + "name": "http://packetstormsecurity.com/files/124755", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124755" + }, + { + "name": "appointmentscheduler-index-csrf(90420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90420" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1476.json b/2014/1xxx/CVE-2014-1476.json index b3f5c3364a4..290125348a5 100644 --- a/2014/1xxx/CVE-2014-1476.json +++ b/2014/1xxx/CVE-2014-1476.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/SA-CORE-2014-001", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/SA-CORE-2014-001" - }, - { - "name" : "DSA-2847", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2847" - }, - { - "name" : "MDVSA-2014:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" - }, - { - "name" : "64973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64973" - }, - { - "name" : "56260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2847", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2847" + }, + { + "name": "64973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64973" + }, + { + "name": "https://drupal.org/SA-CORE-2014-001", + "refsource": "CONFIRM", + "url": "https://drupal.org/SA-CORE-2014-001" + }, + { + "name": "56260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56260" + }, + { + "name": "MDVSA-2014:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1719.json b/2014/1xxx/CVE-2014-1719.json index 48c2d7431bf..ac0c30f3745 100644 --- a/2014/1xxx/CVE-2014-1719.json +++ b/2014/1xxx/CVE-2014-1719.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=343661", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=343661" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision" - }, - { - "name" : "DSA-2905", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2905" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "openSUSE-SU-2014:0601", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" + }, + { + "name": "openSUSE-SU-2014:0601", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=252010&view=revision" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "DSA-2905", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2905" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=343661", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=343661" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1993.json b/2014/1xxx/CVE-2014-1993.json index b67ced9cf16..51dc107bbb2 100644 --- a/2014/1xxx/CVE-2014-1993.json +++ b/2014/1xxx/CVE-2014-1993.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/gr20140714up04.php", - "refsource" : "CONFIRM", - "url" : "http://cs.cybozu.co.jp/information/gr20140714up04.php" - }, - { - "name" : "JVN#75990997", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN75990997/index.html" - }, - { - "name" : "JVNDB-2014-000077", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/gr20140714up04.php", + "refsource": "CONFIRM", + "url": "http://cs.cybozu.co.jp/information/gr20140714up04.php" + }, + { + "name": "JVNDB-2014-000077", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077" + }, + { + "name": "JVN#75990997", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN75990997/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4292.json b/2014/4xxx/CVE-2014-4292.json index 76c4e3c9fa9..755cf97972c 100644 --- a/2014/4xxx/CVE-2014-4292.json +++ b/2014/4xxx/CVE-2014-4292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70499" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4951.json b/2014/4xxx/CVE-2014-4951.json index 6b5866974ed..9d077be0635 100644 --- a/2014/4xxx/CVE-2014-4951.json +++ b/2014/4xxx/CVE-2014-4951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4951", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-4951", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5090.json b/2014/5xxx/CVE-2014-5090.json index 5a91bf5347e..54626996b7c 100644 --- a/2014/5xxx/CVE-2014-5090.json +++ b/2014/5xxx/CVE-2014-5090.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5162.json b/2014/5xxx/CVE-2014-5162.json index 8b8551c91ed..69b4c4e7ccc 100644 --- a/2014/5xxx/CVE-2014-5162.json +++ b/2014/5xxx/CVE-2014-5162.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\\n' and '\\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-08.html" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380" - }, - { - "name" : "DSA-3002", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3002" - }, - { - "name" : "SUSE-SU-2014:1221", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" - }, - { - "name" : "openSUSE-SU-2014:1038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2014:1249", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" - }, - { - "name" : "57593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\\n' and '\\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1249", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" + }, + { + "name": "SUSE-SU-2014:1221", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" + }, + { + "name": "DSA-3002", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3002" + }, + { + "name": "openSUSE-SU-2014:1038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-08.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380" + }, + { + "name": "57593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57593" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5712.json b/2014/5xxx/CVE-2014-5712.json index 3a024ab7a93..3b53710a351 100644 --- a/2014/5xxx/CVE-2014-5712.json +++ b/2014/5xxx/CVE-2014-5712.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#382913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/382913" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#382913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/382913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5738.json b/2014/5xxx/CVE-2014-5738.json index 51a5a4455e4..77d55ffe4bd 100644 --- a/2014/5xxx/CVE-2014-5738.json +++ b/2014/5xxx/CVE-2014-5738.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#558385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/558385" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#558385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/558385" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3042.json b/2016/3xxx/CVE-2016-3042.json index 0dc7a558d95..ac9c0a80f60 100644 --- a/2016/3xxx/CVE-2016-3042.json +++ b/2016/3xxx/CVE-2016-3042.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986716", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986716" - }, - { - "name" : "PI64790", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790" - }, - { - "name" : "92985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI64790", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64790" + }, + { + "name": "92985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92985" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986716", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986716" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3064.json b/2016/3xxx/CVE-2016-3064.json index 1bb274e3ea2..1f470e3a5f5 100644 --- a/2016/3xxx/CVE-2016-3064.json +++ b/2016/3xxx/CVE-2016-3064.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.netapp.com/support/index?page=content&id=9010099", - "refsource" : "CONFIRM", - "url" : "http://kb.netapp.com/support/index?page=content&id=9010099" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160830-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160830-0002/" - }, - { - "name" : "92686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 allows remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20160830-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160830-0002/" + }, + { + "name": "http://kb.netapp.com/support/index?page=content&id=9010099", + "refsource": "CONFIRM", + "url": "http://kb.netapp.com/support/index?page=content&id=9010099" + }, + { + "name": "92686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92686" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3133.json b/2016/3xxx/CVE-2016-3133.json index 28f5d3e5f55..a9b9949f7e7 100644 --- a/2016/3xxx/CVE-2016-3133.json +++ b/2016/3xxx/CVE-2016-3133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3303.json b/2016/3xxx/CVE-2016-3303.json index 5704ffeebf7..76f4c6d9ce1 100644 --- a/2016/3xxx/CVE-2016-3303.json +++ b/2016/3xxx/CVE-2016-3303.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Windows Graphics Component RCE Vulnerability,\" a different vulnerability than CVE-2016-3304." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40256", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40256/" - }, - { - "name" : "MS16-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097" - }, - { - "name" : "92301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92301" - }, - { - "name" : "1036564", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Windows Graphics Component RCE Vulnerability,\" a different vulnerability than CVE-2016-3304." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40256", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40256/" + }, + { + "name": "92301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92301" + }, + { + "name": "MS16-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097" + }, + { + "name": "1036564", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036564" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3679.json b/2016/3xxx/CVE-2016-3679.json index 3f8fdca1732..399c3a547f6 100644 --- a/2016/3xxx/CVE-2016-3679.json +++ b/2016/3xxx/CVE-2016-3679.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html" - }, - { - "name" : "RHSA-2016:0525", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0525.html" - }, - { - "name" : "openSUSE-SU-2016:1059", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html" - }, - { - "name" : "openSUSE-SU-2016:0929", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:0930", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html" - }, - { - "name" : "USN-2955-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2955-1" - }, - { - "name" : "1035423", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0525", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0525.html" + }, + { + "name": "openSUSE-SU-2016:0929", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html" + }, + { + "name": "openSUSE-SU-2016:1059", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html" + }, + { + "name": "1035423", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035423" + }, + { + "name": "openSUSE-SU-2016:0930", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html" + }, + { + "name": "USN-2955-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2955-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7851.json b/2016/7xxx/CVE-2016-7851.json index 020417d73e9..e743ae17f87 100644 --- a/2016/7xxx/CVE-2016-7851.json +++ b/2016/7xxx/CVE-2016-7851.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Connect 9.5.6 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Connect 9.5.6 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Connect 9.5.6 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Connect 9.5.6 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40742", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40742/" - }, - { - "name" : "https://helpx.adobe.com/security/products/connect/apsb16-35.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/connect/apsb16-35.html" - }, - { - "name" : "94152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94152" - }, - { - "name" : "1037239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037239" + }, + { + "name": "94152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94152" + }, + { + "name": "https://helpx.adobe.com/security/products/connect/apsb16-35.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/connect/apsb16-35.html" + }, + { + "name": "40742", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40742/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8043.json b/2016/8xxx/CVE-2016-8043.json index 4b87a85c117..48fc7598d1d 100644 --- a/2016/8xxx/CVE-2016-8043.json +++ b/2016/8xxx/CVE-2016-8043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8587.json b/2016/8xxx/CVE-2016-8587.json index ff9d0b625cf..c2eeb1356b8 100644 --- a/2016/8xxx/CVE-2016-8587.json +++ b/2016/8xxx/CVE-2016-8587.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html" - }, - { - "name" : "98508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98508" + }, + { + "name": "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9045.json b/2016/9xxx/CVE-2016-9045.json index 6c53ee963ae..49c3c7147da 100644 --- a/2016/9xxx/CVE-2016-9045.json +++ b/2016/9xxx/CVE-2016-9045.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-19T00:00:00", - "ID" : "CVE-2016-9045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ProcessMaker Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "ProcessMaker Enterprise Core 3.0.1.7-community" - } - ] - } - } - ] - }, - "vendor_name" : "ProcessMaker" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-19T00:00:00", + "ID": "CVE-2016-9045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ProcessMaker Enterprise", + "version": { + "version_data": [ + { + "version_value": "ProcessMaker Enterprise Core 3.0.1.7-community" + } + ] + } + } + ] + }, + "vendor_name": "ProcessMaker" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0314" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9288.json b/2016/9xxx/CVE-2016-9288.json index fcc9f7eee02..004993d4c9e 100644 --- a/2016/9xxx/CVE-2016-9288.json +++ b/2016/9xxx/CVE-2016-9288.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter \"target\" of function \"DragnDropReRank\" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba" - }, - { - "name" : "94296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94296" - }, - { - "name" : "1037280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter \"target\" of function \"DragnDropReRank\" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037280" + }, + { + "name": "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/2ddffb2e7eafe4830e3483a4b437873022c461ba" + }, + { + "name": "94296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94296" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9700.json b/2016/9xxx/CVE-2016-9700.json index 0f86bf0cdef..a197caef921 100644 --- a/2016/9xxx/CVE-2016-9700.json +++ b/2016/9xxx/CVE-2016-9700.json @@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2016-9700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2016-9700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005435", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005435", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005435" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119528" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9884.json b/2016/9xxx/CVE-2016-9884.json index befbe7d0410..eab0a57a1d3 100644 --- a/2016/9xxx/CVE-2016-9884.json +++ b/2016/9xxx/CVE-2016-9884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9884", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9884", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9968.json b/2016/9xxx/CVE-2016-9968.json index 432953fdb95..51ab8e9a819 100644 --- a/2016/9xxx/CVE-2016-9968.json +++ b/2016/9xxx/CVE-2016-9968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9968", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9968", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2004.json b/2019/2xxx/CVE-2019-2004.json index 3d1ea4b3df7..9847d26fa1a 100644 --- a/2019/2xxx/CVE-2019-2004.json +++ b/2019/2xxx/CVE-2019-2004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2004", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2004", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2259.json b/2019/2xxx/CVE-2019-2259.json index 91b1c19ba47..02152baa678 100644 --- a/2019/2xxx/CVE-2019-2259.json +++ b/2019/2xxx/CVE-2019-2259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2343.json b/2019/2xxx/CVE-2019-2343.json index 9ac8ffe60bd..e3ffb3dd71f 100644 --- a/2019/2xxx/CVE-2019-2343.json +++ b/2019/2xxx/CVE-2019-2343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2934.json b/2019/2xxx/CVE-2019-2934.json index e67314d7102..af23401b8ee 100644 --- a/2019/2xxx/CVE-2019-2934.json +++ b/2019/2xxx/CVE-2019-2934.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2937.json b/2019/2xxx/CVE-2019-2937.json index 58a97d8ae16..9d6ae3ee9ce 100644 --- a/2019/2xxx/CVE-2019-2937.json +++ b/2019/2xxx/CVE-2019-2937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6949.json b/2019/6xxx/CVE-2019-6949.json index 220f7667458..42999c12da0 100644 --- a/2019/6xxx/CVE-2019-6949.json +++ b/2019/6xxx/CVE-2019-6949.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6949", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6949", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file