diff --git a/2007/2xxx/CVE-2007-2112.json b/2007/2xxx/CVE-2007-2112.json index 7d027c46e9c..2664605bc1c 100644 --- a/2007/2xxx/CVE-2007-2112.json +++ b/2007/2xxx/CVE-2007-2112.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger (\"AFTER LOGON ON DATABASE\" trigger directive), a related issue to CVE-2006-0547." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070418 Advisory: Bypass Oracle Logon Trigger", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466151/100/0/threaded" - }, - { - "name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" - }, - { - "name" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf" - }, - { - "name" : "http://www.red-database-security.com/advisory/bypass_oracle_logon_trigger.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/bypass_oracle_logon_trigger.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "TA07-108A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" - }, - { - "name" : "23532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23532" - }, - { - "name" : "ADV-2007-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1426" - }, - { - "name" : "1017927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger (\"AFTER LOGON ON DATABASE\" trigger directive), a related issue to CVE-2006-0547." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-108A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" + }, + { + "name": "23532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23532" + }, + { + "name": "http://www.red-database-security.com/advisory/bypass_oracle_logon_trigger.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/bypass_oracle_logon_trigger.html" + }, + { + "name": "1017927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017927" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + }, + { + "name": "20070418 Advisory: Bypass Oracle Logon Trigger", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466151/100/0/threaded" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf" + }, + { + "name": "ADV-2007-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1426" + }, + { + "name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3106.json b/2007/3xxx/CVE-2007-3106.json index 537045577da..e0c10747bb1 100644 --- a/2007/3xxx/CVE-2007-3106.json +++ b/2007/3xxx/CVE-2007-3106.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a \"heap overwrite\" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474729/100/0/threaded" - }, - { - "name" : "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt", - "refsource" : "MISC", - "url" : "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1590", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1590" - }, - { - "name" : "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html", - "refsource" : "CONFIRM", - "url" : "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=245991", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=245991" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=249780" - }, - { - "name" : "https://trac.xiph.org/changeset/13160", - "refsource" : "CONFIRM", - "url" : "https://trac.xiph.org/changeset/13160" - }, - { - "name" : "DSA-1471", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1471" - }, - { - "name" : "GLSA-200710-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-03.xml" - }, - { - "name" : "MDKSA-2007:167-1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1" - }, - { - "name" : "RHSA-2007:0845", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0845.html" - }, - { - "name" : "RHSA-2007:0912", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0912.html" - }, - { - "name" : "USN-498-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-498-1" - }, - { - "name" : "25082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25082" - }, - { - "name" : "oval:org.mitre.oval:def:11449", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449" - }, - { - "name" : "ADV-2007-2698", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2698" - }, - { - "name" : "ADV-2007-2760", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2760" - }, - { - "name" : "26232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26232" - }, - { - "name" : "26087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26087" - }, - { - "name" : "26299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26299" - }, - { - "name" : "26429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26429" - }, - { - "name" : "26535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26535" - }, - { - "name" : "26865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26865" - }, - { - "name" : "27099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27099" - }, - { - "name" : "24923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24923" - }, - { - "name" : "28614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28614" - }, - { - "name" : "libvorbis-inverse-code-execution(35622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a \"heap overwrite\" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt", + "refsource": "MISC", + "url": "http://www.isecpartners.com/advisories/2007-003-libvorbis.txt" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1590", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1590" + }, + { + "name": "USN-498-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-498-1" + }, + { + "name": "ADV-2007-2760", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2760" + }, + { + "name": "26299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26299" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=249780", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249780" + }, + { + "name": "28614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28614" + }, + { + "name": "oval:org.mitre.oval:def:11449", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449" + }, + { + "name": "DSA-1471", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1471" + }, + { + "name": "26429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26429" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=245991", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245991" + }, + { + "name": "RHSA-2007:0912", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0912.html" + }, + { + "name": "GLSA-200710-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-03.xml" + }, + { + "name": "https://trac.xiph.org/changeset/13160", + "refsource": "CONFIRM", + "url": "https://trac.xiph.org/changeset/13160" + }, + { + "name": "26087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26087" + }, + { + "name": "25082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25082" + }, + { + "name": "20070726 libvorbis 1.1.2 - Multiple memory corruption flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474729/100/0/threaded" + }, + { + "name": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html", + "refsource": "CONFIRM", + "url": "http://www.tellini.org/blog/archives/32-Music-Box-1.6.html" + }, + { + "name": "24923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24923" + }, + { + "name": "26535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26535" + }, + { + "name": "libvorbis-inverse-code-execution(35622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35622" + }, + { + "name": "ADV-2007-2698", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2698" + }, + { + "name": "27099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27099" + }, + { + "name": "26232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26232" + }, + { + "name": "MDKSA-2007:167-1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1" + }, + { + "name": "26865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26865" + }, + { + "name": "RHSA-2007:0845", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0845.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3120.json b/2007/3xxx/CVE-2007-3120.json index d7b7143af42..0f68b5a8bc8 100644 --- a/2007/3xxx/CVE-2007-3120.json +++ b/2007/3xxx/CVE-2007-3120.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=514035", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=514035" - }, - { - "name" : "24357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24357" - }, - { - "name" : "ADV-2007-2097", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2097" - }, - { - "name" : "35533", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35533" - }, - { - "name" : "25584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25584" - }, - { - "name" : "aiocp-cpdpage-xss(34762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aiocp-cpdpage-xss(34762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34762" + }, + { + "name": "35533", + "refsource": "OSVDB", + "url": "http://osvdb.org/35533" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=514035", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=514035" + }, + { + "name": "24357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24357" + }, + { + "name": "25584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25584" + }, + { + "name": "ADV-2007-2097", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2097" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3247.json b/2007/3xxx/CVE-2007-3247.json index 3e58463911f..33412ce60e5 100644 --- a/2007/3xxx/CVE-2007-3247.json +++ b/2007/3xxx/CVE-2007-3247.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=516206", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=516206" - }, - { - "name" : "http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57", - "refsource" : "CONFIRM", - "url" : "http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57" - }, - { - "name" : "24485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24485" - }, - { - "name" : "ADV-2007-2217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2217" - }, - { - "name" : "36889", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36889" - }, - { - "name" : "25698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25698" - }, - { - "name" : "virtuemart-unspecified-sql-injection(34879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2217" + }, + { + "name": "25698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25698" + }, + { + "name": "36889", + "refsource": "OSVDB", + "url": "http://osvdb.org/36889" + }, + { + "name": "24485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24485" + }, + { + "name": "http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57", + "refsource": "CONFIRM", + "url": "http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57" + }, + { + "name": "virtuemart-unspecified-sql-injection(34879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=516206", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=516206" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3290.json b/2007/3xxx/CVE-2007-3290.json index 491085482d1..0027d5f9544 100644 --- a/2007/3xxx/CVE-2007-3290.json +++ b/2007/3xxx/CVE-2007-3290.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4082", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4082" - }, - { - "name" : "24580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24580" - }, - { - "name" : "37490", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37490" - }, - { - "name" : "25744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25744" - }, - { - "name" : "livecms-categoria-path-disclosure(35147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37490", + "refsource": "OSVDB", + "url": "http://osvdb.org/37490" + }, + { + "name": "24580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24580" + }, + { + "name": "livecms-categoria-path-disclosure(35147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35147" + }, + { + "name": "4082", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4082" + }, + { + "name": "25744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25744" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3954.json b/2007/3xxx/CVE-2007-3954.json index 5db01bb5ddd..ed74c3e37b6 100644 --- a/2007/3xxx/CVE-2007-3954.json +++ b/2007/3xxx/CVE-2007-3954.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/", - "refsource" : "MISC", - "url" : "http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/" - }, - { - "name" : "25021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/", + "refsource": "MISC", + "url": "http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/" + }, + { + "name": "25021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25021" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4112.json b/2007/4xxx/CVE-2007-4112.json index 35a5c80cc7d..b6a722b9387 100644 --- a/2007/4xxx/CVE-2007-4112.json +++ b/2007/4xxx/CVE-2007-4112.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that \"bypass AWBS's anti-XSS input validation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/" - }, - { - "name" : "25089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25089" - }, - { - "name" : "37257", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37257" - }, - { - "name" : "26214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26214" - }, - { - "name" : "awbs-unspecified-sql-injection(46160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that \"bypass AWBS's anti-XSS input validation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "awbs-unspecified-sql-injection(46160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46160" + }, + { + "name": "26214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26214" + }, + { + "name": "http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/", + "refsource": "MISC", + "url": "http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/" + }, + { + "name": "37257", + "refsource": "OSVDB", + "url": "http://osvdb.org/37257" + }, + { + "name": "25089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25089" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4323.json b/2007/4xxx/CVE-2007-4323.json index ef3db347993..d0bef56afdb 100644 --- a/2007/4xxx/CVE-2007-4323.json +++ b/2007/4xxx/CVE-2007-4323.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ossec.net/en/attacking-loganalysis.html", - "refsource" : "MISC", - "url" : "http://www.ossec.net/en/attacking-loganalysis.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=181213", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=181213" - }, - { - "name" : "GLSA-200710-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-14.xml" - }, - { - "name" : "26061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26061" - }, - { - "name" : "42482", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42482" - }, - { - "name" : "27254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27254" - }, - { - "name" : "denyhosts-sshd-logfiles-dos(37199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42482", + "refsource": "OSVDB", + "url": "http://osvdb.org/42482" + }, + { + "name": "denyhosts-sshd-logfiles-dos(37199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37199" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943" + }, + { + "name": "http://www.ossec.net/en/attacking-loganalysis.html", + "refsource": "MISC", + "url": "http://www.ossec.net/en/attacking-loganalysis.html" + }, + { + "name": "26061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26061" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=181213", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=181213" + }, + { + "name": "27254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27254" + }, + { + "name": "GLSA-200710-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-14.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4934.json b/2007/4xxx/CVE-2007-4934.json index 40bd554966f..4976ac78306 100644 --- a/2007/4xxx/CVE-2007-4934.json +++ b/2007/4xxx/CVE-2007-4934.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4406", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4406" - }, - { - "name" : "http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/", - "refsource" : "MISC", - "url" : "http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=735906", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=735906" - }, - { - "name" : "25667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25667" - }, - { - "name" : "ADV-2007-3176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3176" - }, - { - "name" : "37085", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37085" - }, - { - "name" : "37086", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37086" - }, - { - "name" : "26812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26812" - }, - { - "name" : "phpffl-livedraft-admin-file-include(36606)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4406", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4406" + }, + { + "name": "phpffl-livedraft-admin-file-include(36606)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36606" + }, + { + "name": "25667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25667" + }, + { + "name": "37086", + "refsource": "OSVDB", + "url": "http://osvdb.org/37086" + }, + { + "name": "http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/", + "refsource": "MISC", + "url": "http://arfis.wordpress.com/2007/09/14/rfi-02-phpffl-fantasy-football-league-manager/" + }, + { + "name": "37085", + "refsource": "OSVDB", + "url": "http://osvdb.org/37085" + }, + { + "name": "ADV-2007-3176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3176" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=539716&group_id=137531" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=735906", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=735906" + }, + { + "name": "26812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26812" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6025.json b/2007/6xxx/CVE-2007-6025.json index 4cd0b58745d..a843ded0446 100644 --- a/2007/6xxx/CVE-2007-6025.json +++ b/2007/6xxx/CVE-2007-6025.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=292991", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=292991" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442387", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442387" - }, - { - "name" : "MDKSA-2007:245", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:245" - }, - { - "name" : "26555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26555" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=292991", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=292991" + }, + { + "name": "MDKSA-2007:245", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:245" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442387", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442387" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6371.json b/2007/6xxx/CVE-2007-6371.json index 0d67be3e218..c52dde54b88 100644 --- a/2007/6xxx/CVE-2007-6371.json +++ b/2007/6xxx/CVE-2007-6371.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071205 Nokia N95 cellphone remote DoS using the SIP Stack", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058839.html" - }, - { - "name" : "26726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26726" - }, - { - "name" : "ADV-2007-4113", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26726" + }, + { + "name": "ADV-2007-4113", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4113" + }, + { + "name": "20071205 Nokia N95 cellphone remote DoS using the SIP Stack", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058839.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6703.json b/2007/6xxx/CVE-2007-6703.json index 8c974f1629d..a36474731a8 100644 --- a/2007/6xxx/CVE-2007-6703.json +++ b/2007/6xxx/CVE-2007-6703.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=766440", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=766440" - }, - { - "name" : "FEDORA-2008-0680", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html" - }, - { - "name" : "28141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28141" - }, - { - "name" : "29228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29228" - }, - { - "name" : "29285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29285" - }, - { - "name" : "synce-vdccm-dos(41174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "synce-vdccm-dos(41174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41174" + }, + { + "name": "29228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29228" + }, + { + "name": "28141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28141" + }, + { + "name": "FEDORA-2008-0680", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=766440", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=766440" + }, + { + "name": "29285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29285" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1563.json b/2010/1xxx/CVE-2010-1563.json index 33edead8c2a..8e06f41ee68 100644 --- a/2010/1xxx/CVE-2010-1563.json +++ b/2010/1xxx/CVE-2010-1563.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-1563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 Multiple Vulnerabilities in Cisco PGW Softswitch", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml" - }, - { - "name" : "40125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40125" - }, - { - "name" : "64683", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40125" + }, + { + "name": "64683", + "refsource": "OSVDB", + "url": "http://osvdb.org/64683" + }, + { + "name": "20100512 Multiple Vulnerabilities in Cisco PGW Softswitch", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1569.json b/2010/1xxx/CVE-2010-1569.json index 51f50e7ce5a..389b073bfda 100644 --- a/2010/1xxx/CVE-2010-1569.json +++ b/2010/1xxx/CVE-2010-1569.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1724.json b/2010/1xxx/CVE-2010-1724.json index 1527ad31f1e..877a71515c4 100644 --- a/2010/1xxx/CVE-2010-1724.json +++ b/2010/1xxx/CVE-2010-1724.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100427 XSS vulnerability in Zikula Application Framework", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510988/100/0/threaded" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html" - }, - { - "name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html" - }, - { - "name" : "http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement", - "refsource" : "CONFIRM", - "url" : "http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement" - }, - { - "name" : "39717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39717" - }, - { - "name" : "64095", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64095" - }, - { - "name" : "64096", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64096" - }, - { - "name" : "39614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39614" - }, - { - "name" : "zikula-index-xss(58224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64095", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64095" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework.html" + }, + { + "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_zikula_application_framework_1.html" + }, + { + "name": "39717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39717" + }, + { + "name": "39614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39614" + }, + { + "name": "zikula-index-xss(58224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58224" + }, + { + "name": "http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement", + "refsource": "CONFIRM", + "url": "http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement" + }, + { + "name": "20100427 XSS vulnerability in Zikula Application Framework", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510988/100/0/threaded" + }, + { + "name": "64096", + "refsource": "OSVDB", + "url": "http://osvdb.org/64096" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1858.json b/2010/1xxx/CVE-2010-1858.json index 9a7f85f2017..20079dde085 100644 --- a/2010/1xxx/CVE-2010-1858.json +++ b/2010/1xxx/CVE-2010-1858.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11853", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11853" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt" - }, - { - "name" : "38911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38911" - }, - { - "name" : "39071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39071" - }, - { - "name" : "smestorage-index-file-include(57108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt" + }, + { + "name": "11853", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11853" + }, + { + "name": "38911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38911" + }, + { + "name": "39071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39071" + }, + { + "name": "smestorage-index-file-include(57108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57108" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5230.json b/2010/5xxx/CVE-2010-5230.json index 018ab0f378a..08c78436ba9 100644 --- a/2010/5xxx/CVE-2010-5230.json +++ b/2010/5xxx/CVE-2010-5230.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the current working directory, as demonstrated by a directory that contains a .hln or .rdl file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100826 CAD 2D-3D Pipe designing software Microstation, Nero, Quicktime Pictureviwer vulnerable to DLL hijack attack", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0320.html" - }, - { - "name" : "41106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in MicroStation 7.1 allow local users to gain privileges via a Trojan horse (1) mptools.dll, (2) baseman.dll, (3) wintab32.dll, or (4) wintab.dll file in the current working directory, as demonstrated by a directory that contains a .hln or .rdl file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100826 CAD 2D-3D Pipe designing software Microstation, Nero, Quicktime Pictureviwer vulnerable to DLL hijack attack", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0320.html" + }, + { + "name": "41106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41106" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0026.json b/2014/0xxx/CVE-2014-0026.json index 6670eeee356..1351fc60cc2 100644 --- a/2014/0xxx/CVE-2014-0026.json +++ b/2014/0xxx/CVE-2014-0026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0785.json b/2014/0xxx/CVE-2014-0785.json index ad8197ae513..91270e41c34 100644 --- a/2014/0xxx/CVE-2014-0785.json +++ b/2014/0xxx/CVE-2014-0785.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0785", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0785", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0858.json b/2014/0xxx/CVE-2014-0858.json index e144fdf9374..fa6a672881a 100644 --- a/2014/0xxx/CVE-2014-0858.json +++ b/2014/0xxx/CVE-2014-0858.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665358", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665358" - }, - { - "name" : "ibm-navigator-cve20140858-xss(90864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665358", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665358" + }, + { + "name": "ibm-navigator-cve20140858-xss(90864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90864" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0912.json b/2014/0xxx/CVE-2014-0912.json index 6987876ed2e..f009e8f9a35 100644 --- a/2014/0xxx/CVE-2014-0912.json +++ b/2014/0xxx/CVE-2014-0912.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674739" - }, - { - "name" : "ibm-sterling-cve20140912-info-disc(92072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sterling-cve20140912-info-disc(92072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92072" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674739", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674739" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1271.json b/2014/1xxx/CVE-2014-1271.json index c7eb559d37a..ce301ee4c47 100644 --- a/2014/1xxx/CVE-2014-1271.json +++ b/2014/1xxx/CVE-2014-1271.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - }, - { - "name" : "http://support.apple.com/kb/HT6163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6163" + }, + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1316.json b/2014/1xxx/CVE-2014-1316.json index e573db4e80c..cbf35d9f5d0 100644 --- a/2014/1xxx/CVE-2014-1316.json +++ b/2014/1xxx/CVE-2014-1316.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2014-04-22-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-04-22-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1803.json b/2014/1xxx/CVE-2014-1803.json index cfe6a20980f..540a090f299 100644 --- a/2014/1xxx/CVE-2014-1803.json +++ b/2014/1xxx/CVE-2014-1803.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67834" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "67834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67834" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1901.json b/2014/1xxx/CVE-2014-1901.json index f244f6ce5b2..b636e3528c7 100644 --- a/2014/1xxx/CVE-2014-1901.json +++ b/2014/1xxx/CVE-2014-1901.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850" - }, - { - "name" : "http://www.y-cam.com/y-cam-security-fix/", - "refsource" : "CONFIRM", - "url" : "http://www.y-cam.com/y-cam-security-fix/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850" + }, + { + "name": "http://www.y-cam.com/y-cam-security-fix/", + "refsource": "CONFIRM", + "url": "http://www.y-cam.com/y-cam-security-fix/" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5718.json b/2014/5xxx/CVE-2014-5718.json index 139419e3b21..167c6b5a0ad 100644 --- a/2014/5xxx/CVE-2014-5718.json +++ b/2014/5xxx/CVE-2014-5718.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5718", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5809, CVE-2014-5983. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5809 and CVE-2014-5983 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5718", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5809, CVE-2014-5983. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5809 and CVE-2014-5983 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5858.json b/2014/5xxx/CVE-2014-5858.json index c4687d0f19c..55ec803eba2 100644 --- a/2014/5xxx/CVE-2014-5858.json +++ b/2014/5xxx/CVE-2014-5858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#715465", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/715465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#715465", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/715465" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5951.json b/2014/5xxx/CVE-2014-5951.json index 081f75ff6fe..34726757357 100644 --- a/2014/5xxx/CVE-2014-5951.json +++ b/2014/5xxx/CVE-2014-5951.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#690561", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/690561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#690561", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/690561" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5983.json b/2014/5xxx/CVE-2014-5983.json index 01fac6714c9..b633a7926c6 100644 --- a/2014/5xxx/CVE-2014-5983.json +++ b/2014/5xxx/CVE-2014-5983.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#779529", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/779529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#779529", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/779529" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2394.json b/2015/2xxx/CVE-2015-2394.json index cfd41120bd9..a015c9db52b 100644 --- a/2015/2xxx/CVE-2015-2394.json +++ b/2015/2xxx/CVE-2015-2394.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2394", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2394", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2765.json b/2015/2xxx/CVE-2015-2765.json index 5e66d1aecc2..45249e9da49 100644 --- a/2015/2xxx/CVE-2015-2765.json +++ b/2015/2xxx/CVE-2015-2765.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" - }, - { - "name" : "73427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" + }, + { + "name": "73427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73427" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2872.json b/2015/2xxx/CVE-2015-2872.json index da596e9e554..8e582dede25 100644 --- a/2015/2xxx/CVE-2015-2872.json +++ b/2015/2xxx/CVE-2015-2872.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://esupport.trendmicro.com/solution/en-US/1112206.aspx", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/solution/en-US/1112206.aspx" - }, - { - "name" : "VU#248692", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/248692" - }, - { - "name" : "76397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76397" + }, + { + "name": "http://esupport.trendmicro.com/solution/en-US/1112206.aspx", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/solution/en-US/1112206.aspx" + }, + { + "name": "VU#248692", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/248692" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10008.json b/2016/10xxx/CVE-2016-10008.json index fb22e5970c2..0de63834ae8 100644 --- a/2016/10xxx/CVE-2016-10008.json +++ b/2016/10xxx/CVE-2016-10008.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the \"Content Types > Content Types\" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html", - "refsource" : "MISC", - "url" : "https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the \"Content Types > Content Types\" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html", + "refsource": "MISC", + "url": "https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10327.json b/2016/10xxx/CVE-2016-10327.json index 3aa69f37f21..683c77ef2af 100644 --- a/2016/10xxx/CVE-2016-10327.json +++ b/2016/10xxx/CVE-2016-10327.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313" - }, - { - "name" : "https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416", - "refsource" : "MISC", - "url" : "https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416" - }, - { - "name" : "http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/", - "refsource" : "CONFIRM", - "url" : "http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/" - }, - { - "name" : "GLSA-201706-28", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-28" - }, - { - "name" : "97668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313" + }, + { + "name": "http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/", + "refsource": "CONFIRM", + "url": "http://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/" + }, + { + "name": "97668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97668" + }, + { + "name": "https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416", + "refsource": "MISC", + "url": "https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416" + }, + { + "name": "GLSA-201706-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-28" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10727.json b/2016/10xxx/CVE-2016-10727.json index d990cd49926..b3b097fb92e 100644 --- a/2016/10xxx/CVE-2016-10727.json +++ b/2016/10xxx/CVE-2016-10727.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334842", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334842" - }, - { - "name" : "https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2", - "refsource" : "MISC", - "url" : "https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67" - }, - { - "name" : "USN-3724-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3724-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2", + "refsource": "MISC", + "url": "https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2" + }, + { + "name": "https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334842", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334842" + }, + { + "name": "USN-3724-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3724-1/" + }, + { + "name": "https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3244.json b/2016/3xxx/CVE-2016-3244.json index 215e1b1ea2c..99830dbb337 100644 --- a/2016/3xxx/CVE-2016-3244.json +++ b/2016/3xxx/CVE-2016-3244.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Microsoft Edge Security Feature Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-085", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" - }, - { - "name" : "91599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91599" - }, - { - "name" : "1036286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Microsoft Edge Security Feature Bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036286" + }, + { + "name": "MS16-085", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085" + }, + { + "name": "91599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91599" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4531.json b/2016/4xxx/CVE-2016-4531.json index 9ebac12a0a0..3d58a3ce251 100644 --- a/2016/4xxx/CVE-2016-4531.json +++ b/2016/4xxx/CVE-2016-4531.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03" - }, - { - "name" : "92135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03" + }, + { + "name": "92135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92135" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8826.json b/2016/8xxx/CVE-2016-8826.json index 79c47ff6cc8..32deb6d6e03 100644 --- a/2016/8xxx/CVE-2016-8826.json +++ b/2016/8xxx/CVE-2016-8826.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4278", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4278" - }, - { - "name" : "94957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4278", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4278" + }, + { + "name": "94957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94957" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8913.json b/2016/8xxx/CVE-2016-8913.json index ad09d94059f..50088e1cdd6 100644 --- a/2016/8xxx/CVE-2016-8913.json +++ b/2016/8xxx/CVE-2016-8913.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LMS on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "13.0" - }, - { - "version_value" : "13.1" - }, - { - "version_value" : "13.2" - }, - { - "version_value" : "13.2.2" - }, - { - "version_value" : "13.2.3" - }, - { - "version_value" : "13.2.4" - }, - { - "version_value" : "14.0.0" - }, - { - "version_value" : "14.1.0" - }, - { - "version_value" : "14.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LMS on Cloud", + "version": { + "version_data": [ + { + "version_value": "13.0" + }, + { + "version_value": "13.1" + }, + { + "version_value": "13.2" + }, + { + "version_value": "13.2.2" + }, + { + "version_value": "13.2.3" + }, + { + "version_value": "13.2.4" + }, + { + "version_value": "14.0.0" + }, + { + "version_value": "14.1.0" + }, + { + "version_value": "14.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993982", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993982" - }, - { - "name" : "94304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993982", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993982" + }, + { + "name": "94304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94304" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8916.json b/2016/8xxx/CVE-2016-8916.json index 80dceb6e28a..3167ad8d4fd 100644 --- a/2016/8xxx/CVE-2016-8916.json +++ b/2016/8xxx/CVE-2016-8916.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21998166", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21998166" - }, - { - "name" : "98335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21998166", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21998166" + }, + { + "name": "98335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98335" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8992.json b/2016/8xxx/CVE-2016-8992.json index 7805899c956..b76bac43d5d 100644 --- a/2016/8xxx/CVE-2016-8992.json +++ b/2016/8xxx/CVE-2016-8992.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8992", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8992", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9048.json b/2016/9xxx/CVE-2016-9048.json index 89ff8b41004..d1502fececc 100644 --- a/2016/9xxx/CVE-2016-9048.json +++ b/2016/9xxx/CVE-2016-9048.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-19T00:00:00", - "ID" : "CVE-2016-9048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ProcessMaker Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "ProcessMaker Enterprise Core 3.0.1.7-community" - } - ] - } - } - ] - }, - "vendor_name" : "ProcessMaker" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-19T00:00:00", + "ID": "CVE-2016-9048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ProcessMaker Enterprise", + "version": { + "version_data": [ + { + "version_value": "ProcessMaker Enterprise Core 3.0.1.7-community" + } + ] + } + } + ] + }, + "vendor_name": "ProcessMaker" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9532.json b/2016/9xxx/CVE-2016-9532.json index 818772e872b..02163037be4 100644 --- a/2016/9xxx/CVE-2016-9532.json +++ b/2016/9xxx/CVE-2016-9532.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/11/14" - }, - { - "name" : "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/22/1" - }, - { - "name" : "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/21/1" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2592", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2592" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1397726", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1397726" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "94424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94424" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397726", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397726" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/22/1" + }, + { + "name": "[oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/11/14" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2592", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2592" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + }, + { + "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2038.json b/2019/2xxx/CVE-2019-2038.json index 88a6832ba84..d3def34450e 100644 --- a/2019/2xxx/CVE-2019-2038.json +++ b/2019/2xxx/CVE-2019-2038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2970.json b/2019/2xxx/CVE-2019-2970.json index 89ee79b0f30..33d38fca240 100644 --- a/2019/2xxx/CVE-2019-2970.json +++ b/2019/2xxx/CVE-2019-2970.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2970", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2970", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6214.json b/2019/6xxx/CVE-2019-6214.json index 8a856c72829..b99d4245e9d 100644 --- a/2019/6xxx/CVE-2019-6214.json +++ b/2019/6xxx/CVE-2019-6214.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2019-6214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iOS 12.1.3" - } - ] - } - }, - { - "product_name" : "macOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "macOS Mojave 10.14.3" - } - ] - } - }, - { - "product_name" : "tvOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "tvOS 12.1.2" - } - ] - } - }, - { - "product_name" : "watchOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "watchOS 5.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apple" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A malicious application may be able to break out of its sandbox" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2019-6214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 12.1.3" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Mojave 10.14.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 12.1.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 5.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Apple" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46298", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46298/" - }, - { - "name" : "https://support.apple.com/HT209443", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209443" - }, - { - "name" : "https://support.apple.com/HT209446", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209446" - }, - { - "name" : "https://support.apple.com/HT209447", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209447" - }, - { - "name" : "https://support.apple.com/HT209448", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209448" - }, - { - "name" : "106739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to break out of its sandbox" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT209446", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209446" + }, + { + "name": "https://support.apple.com/HT209443", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209443" + }, + { + "name": "46298", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46298/" + }, + { + "name": "https://support.apple.com/HT209448", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209448" + }, + { + "name": "106739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106739" + }, + { + "name": "https://support.apple.com/HT209447", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209447" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6768.json b/2019/6xxx/CVE-2019-6768.json index 02b529a8325..7a4840a7159 100644 --- a/2019/6xxx/CVE-2019-6768.json +++ b/2019/6xxx/CVE-2019-6768.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6874.json b/2019/6xxx/CVE-2019-6874.json index 1aa23e098a3..08e41746d56 100644 --- a/2019/6xxx/CVE-2019-6874.json +++ b/2019/6xxx/CVE-2019-6874.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6874", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6874", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7141.json b/2019/7xxx/CVE-2019-7141.json index 01c908abf11..1f02c6e4de8 100644 --- a/2019/7xxx/CVE-2019-7141.json +++ b/2019/7xxx/CVE-2019-7141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7141", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7141", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7372.json b/2019/7xxx/CVE-2019-7372.json index d973d8189ee..89c1a14782e 100644 --- a/2019/7xxx/CVE-2019-7372.json +++ b/2019/7xxx/CVE-2019-7372.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7372", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7372", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7569.json b/2019/7xxx/CVE-2019-7569.json index 661d825ebc3..93e341cf573 100644 --- a/2019/7xxx/CVE-2019-7569.json +++ b/2019/7xxx/CVE-2019-7569.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/millken/doyocms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/millken/doyocms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/millken/doyocms/issues/1", + "refsource": "MISC", + "url": "https://github.com/millken/doyocms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7963.json b/2019/7xxx/CVE-2019-7963.json index 6dbdcf2b8ca..734ee898583 100644 --- a/2019/7xxx/CVE-2019-7963.json +++ b/2019/7xxx/CVE-2019-7963.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7963", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7963", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file