diff --git a/2007/2xxx/CVE-2007-2450.json b/2007/2xxx/CVE-2007-2450.json index 91e717862c3..306abd82e66 100644 --- a/2007/2xxx/CVE-2007-2450.json +++ b/2007/2xxx/CVE-2007-2450.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471357/100/0/threaded" - }, - { - "name" : "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded" - }, - { - "name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://support.apple.com/kb/HT2163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2163" - }, - { - "name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", - "refsource" : "CONFIRM", - "url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" - }, - { - "name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" - }, - { - "name" : "APPLE-SA-2008-06-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" - }, - { - "name" : "DSA-1468", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1468" - }, - { - "name" : "FEDORA-2007-3456", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" - }, - { - "name" : "HPSBUX02262", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "SSRT071447", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "MDKSA-2007:241", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" - }, - { - "name" : "RHSA-2007:0569", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0569.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "239312", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "JVN#07100457", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2307100457/index.html" - }, - { - "name" : "24475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24475" - }, - { - "name" : "oval:org.mitre.oval:def:11287", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287" - }, - { - "name" : "ADV-2007-2213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2213" - }, - { - "name" : "ADV-2007-3386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3386" - }, - { - "name" : "ADV-2008-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1981/references" - }, - { - "name" : "ADV-2008-1979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1979/references" - }, - { - "name" : "ADV-2009-0233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0233" - }, - { - "name" : "36079", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36079" - }, - { - "name" : "1018245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018245" - }, - { - "name" : "25678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25678" - }, - { - "name" : "26076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26076" - }, - { - "name" : "27037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27037" - }, - { - "name" : "27727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27727" - }, - { - "name" : "28549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28549" - }, - { - "name" : "30802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30802" - }, - { - "name" : "30908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30908" - }, - { - "name" : "30899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30899" - }, - { - "name" : "33668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33668" - }, - { - "name" : "2813", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2813" - }, - { - "name" : "tomcat-hostmanager-xss(34868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "30908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30908" + }, + { + "name": "http://support.apple.com/kb/HT2163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2163" + }, + { + "name": "239312", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" + }, + { + "name": "36079", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36079" + }, + { + "name": "ADV-2008-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1981/references" + }, + { + "name": "30899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30899" + }, + { + "name": "oval:org.mitre.oval:def:11287", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11287" + }, + { + "name": "FEDORA-2007-3456", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" + }, + { + "name": "ADV-2008-1979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1979/references" + }, + { + "name": "RHSA-2007:0569", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0569.html" + }, + { + "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" + }, + { + "name": "1018245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018245" + }, + { + "name": "33668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33668" + }, + { + "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" + }, + { + "name": "28549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28549" + }, + { + "name": "20070614 [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471357/100/0/threaded" + }, + { + "name": "APPLE-SA-2008-06-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" + }, + { + "name": "ADV-2009-0233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0233" + }, + { + "name": "25678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25678" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "ADV-2007-3386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3386" + }, + { + "name": "30802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30802" + }, + { + "name": "27037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27037" + }, + { + "name": "SSRT071447", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "27727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27727" + }, + { + "name": "24475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24475" + }, + { + "name": "HPSBUX02262", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "tomcat-hostmanager-xss(34868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34868" + }, + { + "name": "DSA-1468", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1468" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "26076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26076" + }, + { + "name": "JVN#07100457", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2307100457/index.html" + }, + { + "name": "ADV-2007-2213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2213" + }, + { + "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", + "refsource": "CONFIRM", + "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" + }, + { + "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", + "refsource": "CONFIRM", + "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" + }, + { + "name": "MDKSA-2007:241", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" + }, + { + "name": "2813", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2813" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3065.json b/2007/3xxx/CVE-2007-3065.json index 4ac64618631..69f09c7ec41 100644 --- a/2007/3xxx/CVE-2007-3065.json +++ b/2007/3xxx/CVE-2007-3065.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4019", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4019" - }, - { - "name" : "24273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24273" - }, - { - "name" : "ADV-2007-2044", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2044" - }, - { - "name" : "36309", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36309" - }, - { - "name" : "25524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2044", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2044" + }, + { + "name": "24273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24273" + }, + { + "name": "36309", + "refsource": "OSVDB", + "url": "http://osvdb.org/36309" + }, + { + "name": "4019", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4019" + }, + { + "name": "25524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25524" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3254.json b/2007/3xxx/CVE-2007-3254.json index 22ffbf5c0f9..aa1bd79f853 100644 --- a/2007/3xxx/CVE-2007-3254.json +++ b/2007/3xxx/CVE-2007-3254.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070622 SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472275/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt" - }, - { - "name" : "24521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24521" - }, - { - "name" : "37621", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37621" - }, - { - "name" : "37622", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37622" - }, - { - "name" : "37623", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37623" - }, - { - "name" : "37624", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37624" - }, - { - "name" : "1018291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018291" - }, - { - "name" : "1018292", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018292" - }, - { - "name" : "25783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25783" - }, - { - "name" : "2845", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2845" - }, - { - "name" : "xedm-multiple-xss(35083)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070622 SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472275/100/0/threaded" + }, + { + "name": "37624", + "refsource": "OSVDB", + "url": "http://osvdb.org/37624" + }, + { + "name": "24521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24521" + }, + { + "name": "37623", + "refsource": "OSVDB", + "url": "http://osvdb.org/37623" + }, + { + "name": "25783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25783" + }, + { + "name": "37622", + "refsource": "OSVDB", + "url": "http://osvdb.org/37622" + }, + { + "name": "37621", + "refsource": "OSVDB", + "url": "http://osvdb.org/37621" + }, + { + "name": "1018292", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018292" + }, + { + "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt" + }, + { + "name": "2845", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2845" + }, + { + "name": "xedm-multiple-xss(35083)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35083" + }, + { + "name": "1018291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018291" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3810.json b/2007/3xxx/CVE-2007-3810.json index 612c4ad4f50..88655182955 100644 --- a/2007/3xxx/CVE-2007-3810.json +++ b/2007/3xxx/CVE-2007-3810.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4184", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4184" - }, - { - "name" : "24916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24916" - }, - { - "name" : "ADV-2007-2541", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2541" - }, - { - "name" : "36244", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36244" - }, - { - "name" : "26068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26068" - }, - { - "name" : "realtor747-index-sql-injection(35420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2541", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2541" + }, + { + "name": "36244", + "refsource": "OSVDB", + "url": "http://osvdb.org/36244" + }, + { + "name": "4184", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4184" + }, + { + "name": "realtor747-index-sql-injection(35420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35420" + }, + { + "name": "24916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24916" + }, + { + "name": "26068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26068" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3928.json b/2007/3xxx/CVE-2007-3928.json index d3a370eb0ac..ca8e4a35e27 100644 --- a/2007/3xxx/CVE-2007-3928.json +++ b/2007/3xxx/CVE-2007-3928.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070716 Yahoo Messenger 8.1 Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html" - }, - { - "name" : "http://www.xdisclose.com/advisory/XD100002.html", - "refsource" : "MISC", - "url" : "http://www.xdisclose.com/advisory/XD100002.html" - }, - { - "name" : "24926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24926" - }, - { - "name" : "1018398", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018398" - }, - { - "name" : "26066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26066" - }, - { - "name" : "2906", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2906" - }, - { - "name" : "yahoo-messenger-address-book-bo(35434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26066" + }, + { + "name": "http://www.xdisclose.com/advisory/XD100002.html", + "refsource": "MISC", + "url": "http://www.xdisclose.com/advisory/XD100002.html" + }, + { + "name": "24926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24926" + }, + { + "name": "1018398", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018398" + }, + { + "name": "2906", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2906" + }, + { + "name": "yahoo-messenger-address-book-bo(35434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35434" + }, + { + "name": "20070716 Yahoo Messenger 8.1 Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064669.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4060.json b/2007/4xxx/CVE-2007-4060.json index e05d28aa315..066bfb73d49 100644 --- a/2007/4xxx/CVE-2007-4060.json +++ b/2007/4xxx/CVE-2007-4060.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4243", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4243" - }, - { - "name" : "25120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25120" - }, - { - "name" : "46831", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4243", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4243" + }, + { + "name": "46831", + "refsource": "OSVDB", + "url": "http://osvdb.org/46831" + }, + { + "name": "25120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25120" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4411.json b/2007/4xxx/CVE-2007-4411.json index ae62b042871..d078c13be92 100644 --- a/2007/4xxx/CVE-2007-4411.json +++ b/2007/4xxx/CVE-2007-4411.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070812 Multiple vulnerabilities in ircu", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476285/100/0/threaded" - }, - { - "name" : "25285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25285" - }, - { - "name" : "3031", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3031" - }, - { - "name" : "ircu-ip-information-disclosure(35997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3031", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3031" + }, + { + "name": "20070812 Multiple vulnerabilities in ircu", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476285/100/0/threaded" + }, + { + "name": "ircu-ip-information-disclosure(35997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35997" + }, + { + "name": "25285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25285" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4782.json b/2007/4xxx/CVE-2007-4782.json index 92c95c38aca..d3c80efc05b 100644 --- a/2007/4xxx/CVE-2007-4782.json +++ b/2007/4xxx/CVE-2007-4782.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a \"*[1]e\" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070904 PHP < 5.2.3 fnmatch() denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478630/100/0/threaded" - }, - { - "name" : "20070904 PHP < 5.2.3 glob() denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478626/100/0/threaded" - }, - { - "name" : "20070905 PHP < 5.2.3 glob() denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478726/100/0/threaded" - }, - { - "name" : "FEDORA-2008-3864", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html" - }, - { - "name" : "GLSA-200710-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" - }, - { - "name" : "MDVSA-2009:022", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022" - }, - { - "name" : "MDVSA-2009:023", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023" - }, - { - "name" : "RHSA-2008:0505", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0505.html" - }, - { - "name" : "RHSA-2008:0544", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0544.html" - }, - { - "name" : "RHSA-2008:0545", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0545.html" - }, - { - "name" : "RHSA-2008:0582", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0582.html" - }, - { - "name" : "SUSE-SA:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" - }, - { - "name" : "USN-628-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-628-1" - }, - { - "name" : "38686", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38686" - }, - { - "name" : "oval:org.mitre.oval:def:10897", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897" - }, - { - "name" : "27102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27102" - }, - { - "name" : "28658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28658" - }, - { - "name" : "30828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30828" - }, - { - "name" : "31119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31119" - }, - { - "name" : "31200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31200" - }, - { - "name" : "3109", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3109" - }, - { - "name" : "php-fnmatch-dos(36457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36457" - }, - { - "name" : "php-globfunction-dos(36461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a \"*[1]e\" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-3864", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html" + }, + { + "name": "SUSE-SA:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" + }, + { + "name": "28658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28658" + }, + { + "name": "30828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30828" + }, + { + "name": "RHSA-2008:0582", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html" + }, + { + "name": "GLSA-200710-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" + }, + { + "name": "USN-628-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-628-1" + }, + { + "name": "20070904 PHP < 5.2.3 glob() denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478626/100/0/threaded" + }, + { + "name": "RHSA-2008:0545", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html" + }, + { + "name": "31119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31119" + }, + { + "name": "MDVSA-2009:023", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023" + }, + { + "name": "MDVSA-2009:022", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022" + }, + { + "name": "php-fnmatch-dos(36457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36457" + }, + { + "name": "31200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31200" + }, + { + "name": "oval:org.mitre.oval:def:10897", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10897" + }, + { + "name": "RHSA-2008:0544", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html" + }, + { + "name": "38686", + "refsource": "OSVDB", + "url": "http://osvdb.org/38686" + }, + { + "name": "php-globfunction-dos(36461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36461" + }, + { + "name": "27102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27102" + }, + { + "name": "20070904 PHP < 5.2.3 fnmatch() denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478630/100/0/threaded" + }, + { + "name": "RHSA-2008:0505", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html" + }, + { + "name": "3109", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3109" + }, + { + "name": "20070905 PHP < 5.2.3 glob() denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478726/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4920.json b/2007/4xxx/CVE-2007-4920.json index 423114b9bb7..a82c678fa63 100644 --- a/2007/4xxx/CVE-2007-4920.json +++ b/2007/4xxx/CVE-2007-4920.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4407", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4407" - }, - { - "name" : "25668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25668" - }, - { - "name" : "ADV-2007-3177", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3177" - }, - { - "name" : "37084", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/37084" - }, - { - "name" : "26821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26821" - }, - { - "name" : "phpwebquest-suportederechaw-sql-injection(36605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpwebquest-suportederechaw-sql-injection(36605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36605" + }, + { + "name": "26821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26821" + }, + { + "name": "4407", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4407" + }, + { + "name": "ADV-2007-3177", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3177" + }, + { + "name": "25668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25668" + }, + { + "name": "37084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/37084" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6102.json b/2007/6xxx/CVE-2007-6102.json index 3afedfb7218..7c7a2295fb1 100644 --- a/2007/6xxx/CVE-2007-6102.json +++ b/2007/6xxx/CVE-2007-6102.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/security/vuln/documents/2007/JVN_33218020.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/security/vuln/documents/2007/JVN_33218020.html" - }, - { - "name" : "http://eduforge.org/forum/forum.php?forum_id=1227", - "refsource" : "CONFIRM", - "url" : "http://eduforge.org/forum/forum.php?forum_id=1227" - }, - { - "name" : "JVN#33218020", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2333218020/index.html" - }, - { - "name" : "ADV-2007-3961", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3961" - }, - { - "name" : "38870", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38870" - }, - { - "name" : "27749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://eduforge.org/forum/forum.php?forum_id=1227", + "refsource": "CONFIRM", + "url": "http://eduforge.org/forum/forum.php?forum_id=1227" + }, + { + "name": "JVN#33218020", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2333218020/index.html" + }, + { + "name": "27749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27749" + }, + { + "name": "http://www.ipa.go.jp/security/vuln/documents/2007/JVN_33218020.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/security/vuln/documents/2007/JVN_33218020.html" + }, + { + "name": "ADV-2007-3961", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3961" + }, + { + "name": "38870", + "refsource": "OSVDB", + "url": "http://osvdb.org/38870" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6126.json b/2007/6xxx/CVE-2007-6126.json index 7050ea6218e..6359209da19 100644 --- a/2007/6xxx/CVE-2007-6126.json +++ b/2007/6xxx/CVE-2007-6126.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4655" - }, - { - "name" : "26565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26565" - }, - { - "name" : "ADV-2007-3999", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3999" - }, - { - "name" : "27820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27820" - }, - { - "name" : "projectalumni-index-xss(38621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "projectalumni-index-xss(38621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38621" + }, + { + "name": "4655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4655" + }, + { + "name": "26565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26565" + }, + { + "name": "ADV-2007-3999", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3999" + }, + { + "name": "27820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27820" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6137.json b/2007/6xxx/CVE-2007-6137.json index 827aee94d3c..c4c50505b9c 100644 --- a/2007/6xxx/CVE-2007-6137.json +++ b/2007/6xxx/CVE-2007-6137.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4645", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4645" - }, - { - "name" : "26547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26547" - }, - { - "name" : "ADV-2007-3994", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3994" - }, - { - "name" : "38801", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38801" - }, - { - "name" : "27792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27792" - }, - { - "name" : "contentinjector-news-sql-injection(38627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3994", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3994" + }, + { + "name": "26547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26547" + }, + { + "name": "4645", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4645" + }, + { + "name": "27792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27792" + }, + { + "name": "38801", + "refsource": "OSVDB", + "url": "http://osvdb.org/38801" + }, + { + "name": "contentinjector-news-sql-injection(38627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38627" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6314.json b/2007/6xxx/CVE-2007-6314.json index eb4b0a2ec8c..6029deba014 100644 --- a/2007/6xxx/CVE-2007-6314.json +++ b/2007/6xxx/CVE-2007-6314.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484833/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/barradrive-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/barradrive-adv.txt" - }, - { - "name" : "26805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26805" - }, - { - "name" : "28032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28032" - }, - { - "name" : "3434", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3434" - }, - { - "name" : "barracudadrive-source-code-disclosure(38972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071210 Multiple vulnerabilities in BarracudaDrive 3.7.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484833/100/0/threaded" + }, + { + "name": "barracudadrive-source-code-disclosure(38972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38972" + }, + { + "name": "28032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28032" + }, + { + "name": "http://aluigi.altervista.org/adv/barradrive-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/barradrive-adv.txt" + }, + { + "name": "3434", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3434" + }, + { + "name": "26805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26805" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6492.json b/2007/6xxx/CVE-2007-6492.json index 493cc4ac2a5..e523610945e 100644 --- a/2007/6xxx/CVE-2007-6492.json +++ b/2007/6xxx/CVE-2007-6492.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071218 iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485261/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/rgod_imesh.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/rgod_imesh.html" - }, - { - "name" : "ADV-2007-4240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4240" - }, - { - "name" : "40240", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40240" - }, - { - "name" : "28134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40240", + "refsource": "OSVDB", + "url": "http://osvdb.org/40240" + }, + { + "name": "ADV-2007-4240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4240" + }, + { + "name": "20071218 iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485261/100/0/threaded" + }, + { + "name": "28134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28134" + }, + { + "name": "http://retrogod.altervista.org/rgod_imesh.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/rgod_imesh.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1458.json b/2010/1xxx/CVE-2010-1458.json index ee670488fde..085ad3888cd 100644 --- a/2010/1xxx/CVE-2010-1458.json +++ b/2010/1xxx/CVE-2010-1458.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100419 [CORELAN-10-026] TweakFS Zip Stack BOF", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0242.html" - }, - { - "name" : "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026" - }, - { - "name" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-026-tweakfs-zip-utility-version-1-0-stack-bof/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-026-tweakfs-zip-utility-version-1-0-stack-bof/" - }, - { - "name" : "39565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39565" - }, - { - "name" : "63899", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63899" - }, - { - "name" : "39519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39519" - }, - { - "name" : "tzu-zip-bo(57912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63899", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63899" + }, + { + "name": "39519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39519" + }, + { + "name": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-026-tweakfs-zip-utility-version-1-0-stack-bof/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-026-tweakfs-zip-utility-version-1-0-stack-bof/" + }, + { + "name": "20100419 [CORELAN-10-026] TweakFS Zip Stack BOF", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0242.html" + }, + { + "name": "tzu-zip-bo(57912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57912" + }, + { + "name": "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026" + }, + { + "name": "39565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39565" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5135.json b/2010/5xxx/CVE-2010-5135.json index 3f8d17b5557..d5eb3778e0d 100644 --- a/2010/5xxx/CVE-2010-5135.json +++ b/2010/5xxx/CVE-2010-5135.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5135", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5135", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0979.json b/2014/0xxx/CVE-2014-0979.json index 726b1f8a368..68950b57607 100644 --- a/2014/0xxx/CVE-2014-0979.json +++ b/2014/0xxx/CVE-2014-0979.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140107 Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/07/15" - }, - { - "name" : "https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=857303", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=857303" - }, - { - "name" : "FEDORA-2014-1647", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html" - }, - { - "name" : "FEDORA-2014-1648", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html" - }, - { - "name" : "openSUSE-SU-2014:0071", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html" - }, - { - "name" : "64679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64679" - }, - { - "name" : "56211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56211" - }, - { - "name" : "56423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64679" + }, + { + "name": "FEDORA-2014-1648", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=857303", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=857303" + }, + { + "name": "[oss-security] 20140107 Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/07/15" + }, + { + "name": "FEDORA-2014-1647", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html" + }, + { + "name": "openSUSE-SU-2014:0071", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html" + }, + { + "name": "56211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56211" + }, + { + "name": "https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449" + }, + { + "name": "56423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56423" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1226.json b/2014/1xxx/CVE-2014-1226.json index a315ab50a9f..850ecc27c0c 100644 --- a/2014/1xxx/CVE-2014-1226.json +++ b/2014/1xxx/CVE-2014-1226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140603 CVE-2014-1226 s3dvt Root shell (still)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532278/100/0/threaded" - }, - { - "name" : "20140604 CVE-2014-1226 s3dvt Root shell (still)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/12" - }, - { - "name" : "[oss-security] 20140603 CVE-2014-1226 s3dvt Root shell (still)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/13" - }, - { - "name" : "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html", - "refsource" : "MISC", - "url" : "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140603 CVE-2014-1226 s3dvt Root shell (still)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532278/100/0/threaded" + }, + { + "name": "20140604 CVE-2014-1226 s3dvt Root shell (still)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/12" + }, + { + "name": "[oss-security] 20140603 CVE-2014-1226 s3dvt Root shell (still)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/03/13" + }, + { + "name": "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html", + "refsource": "MISC", + "url": "http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1651.json b/2014/1xxx/CVE-2014-1651.json index 931c019c7b6..45f690e6646 100644 --- a/2014/1xxx/CVE-2014-1651.json +++ b/2014/1xxx/CVE-2014-1651.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-1651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00" - }, - { - "name" : "VU#719172", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/719172" - }, - { - "name" : "67754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67754" - }, - { - "name" : "1030443", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030443", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030443" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00" + }, + { + "name": "67754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67754" + }, + { + "name": "VU#719172", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/719172" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1880.json b/2014/1xxx/CVE-2014-1880.json index 48ebd74ec27..0fdc653447a 100644 --- a/2014/1xxx/CVE-2014-1880.json +++ b/2014/1xxx/CVE-2014-1880.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5143.json b/2014/5xxx/CVE-2014-5143.json index 8bd81ab85ab..dce90992e11 100644 --- a/2014/5xxx/CVE-2014-5143.json +++ b/2014/5xxx/CVE-2014-5143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5192.json b/2014/5xxx/CVE-2014-5192.json index 02c80072ba3..432ba05a267 100644 --- a/2014/5xxx/CVE-2014-5192.json +++ b/2014/5xxx/CVE-2014-5192.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34189", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34189" - }, - { - "name" : "sphider-admin-sql-injection(95016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sphider-admin-sql-injection(95016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95016" + }, + { + "name": "34189", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34189" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5510.json b/2014/5xxx/CVE-2014-5510.json index 24e3d8b6640..b38348c7f96 100644 --- a/2014/5xxx/CVE-2014-5510.json +++ b/2014/5xxx/CVE-2014-5510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5510", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5510", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5543.json b/2014/5xxx/CVE-2014-5543.json index a533c429b68..6d72c00a1b9 100644 --- a/2014/5xxx/CVE-2014-5543.json +++ b/2014/5xxx/CVE-2014-5543.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application 1.0.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#171273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/171273" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application 1.0.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#171273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/171273" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2103.json b/2015/2xxx/CVE-2015-2103.json index 5034ab9427d..8cedd7fc126 100644 --- a/2015/2xxx/CVE-2015-2103.json +++ b/2015/2xxx/CVE-2015-2103.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150214 Cosmoshop - XSS on Admin-Login Mask", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534710/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130403/Cosmoshop-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130403/Cosmoshop-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150214 Cosmoshop - XSS on Admin-Login Mask", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534710/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/130403/Cosmoshop-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130403/Cosmoshop-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2223.json b/2015/2xxx/CVE-2015-2223.json index 241193af35b..081f6e75a72 100644 --- a/2015/2xxx/CVE-2015-2223.json +++ b/2015/2xxx/CVE-2015-2223.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150329 CVE-2015-2223: Palo Alto Traps Server Stored XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535113/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html" - }, - { - "name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/34", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/34" - }, - { - "name" : "73704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/34", + "refsource": "CONFIRM", + "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/34" + }, + { + "name": "20150329 CVE-2015-2223: Palo Alto Traps Server Stored XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535113/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131182/Palo-Alto-Traps-Server-3.1.2.1546-Cross-Site-Scripting.html" + }, + { + "name": "73704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73704" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2646.json b/2015/2xxx/CVE-2015-2646.json index ba092d1aaf6..13c9fe900fb 100644 --- a/2015/2xxx/CVE-2015-2646.json +++ b/2015/2xxx/CVE-2015-2646.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3, and 11.2.0.4 allows remote attackers to affect integrity via unknown vectors related to Content Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "SUSE-SU-2015:1353", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html" - }, - { - "name" : "1032918", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM DB Control: 11.1.0.7, 11.2.0.3, and 11.2.0.4 allows remote attackers to affect integrity via unknown vectors related to Content Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032918", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032918" + }, + { + "name": "SUSE-SU-2015:1353", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2698.json b/2015/2xxx/CVE-2015-2698.json index e16e4e212fa..91a97e56877 100644 --- a/2015/2xxx/CVE-2015-2698.json +++ b/2015/2xxx/CVE-2015-2698.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273" - }, - { - "name" : "https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd" - }, - { - "name" : "openSUSE-SU-2015:2376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00124.html" - }, - { - "name" : "openSUSE-SU-2015:2055", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html" - }, - { - "name" : "USN-2810-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2810-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273" + }, + { + "name": "openSUSE-SU-2015:2055", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html" + }, + { + "name": "openSUSE-SU-2015:2376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00124.html" + }, + { + "name": "USN-2810-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2810-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2951.json b/2015/2xxx/CVE-2015-2951.json index b7411bc1595..b03d42d9541 100644 --- a/2015/2xxx/CVE-2015-2951.json +++ b/2015/2xxx/CVE-2015-2951.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6", - "refsource" : "CONFIRM", - "url" : "https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6" - }, - { - "name" : "JVN#06120222", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06120222/index.html" - }, - { - "name" : "JVNDB-2015-000073", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000073" - }, - { - "name" : "75021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#06120222", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06120222/index.html" + }, + { + "name": "75021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75021" + }, + { + "name": "JVNDB-2015-000073", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000073" + }, + { + "name": "https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6", + "refsource": "CONFIRM", + "url": "https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6257.json b/2015/6xxx/CVE-2015-6257.json index 667c1eed51f..4334ce61eb3 100644 --- a/2015/6xxx/CVE-2015-6257.json +++ b/2015/6xxx/CVE-2015-6257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0969.json b/2016/0xxx/CVE-2016-0969.json index b8cb977b15b..4777a141749 100644 --- a/2016/0xxx/CVE-2016-0969.json +++ b/2016/0xxx/CVE-2016-0969.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html" - }, - { - "name" : "GLSA-201603-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-07" - }, - { - "name" : "RHSA-2016:0166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0166.html" - }, - { - "name" : "SUSE-SU-2016:0398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html" - }, - { - "name" : "SUSE-SU-2016:0400", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html" - }, - { - "name" : "openSUSE-SU-2016:0412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0415", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html" - }, - { - "name" : "1034970", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0400", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html" + }, + { + "name": "1034970", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034970" + }, + { + "name": "GLSA-201603-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-07" + }, + { + "name": "RHSA-2016:0166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html" + }, + { + "name": "openSUSE-SU-2016:0415", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html" + }, + { + "name": "openSUSE-SU-2016:0412", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html" + }, + { + "name": "SUSE-SU-2016:0398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000109.json b/2016/1000xxx/CVE-2016-1000109.json index a84c85bf2ff..518b9a9effc 100644 --- a/2016/1000xxx/CVE-2016-1000109.json +++ b/2016/1000xxx/CVE-2016-1000109.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000109", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000109", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10376.json b/2016/10xxx/CVE-2016-10376.json index 94f6df16594..f2d063bf9ad 100644 --- a/2016/10xxx/CVE-2016-10376.json +++ b/2016/10xxx/CVE-2016-10376.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/863445", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/863445" - }, - { - "name" : "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc", - "refsource" : "MISC", - "url" : "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" - }, - { - "name" : "https://dev.gajim.org/gajim/gajim/issues/8378", - "refsource" : "MISC", - "url" : "https://dev.gajim.org/gajim/gajim/issues/8378" - }, - { - "name" : "https://mail.jabber.org/pipermail/standards/2016-August/031335.html", - "refsource" : "MISC", - "url" : "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" - }, - { - "name" : "DSA-3943", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3943" - }, - { - "name" : "GLSA-201707-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc", + "refsource": "MISC", + "url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" + }, + { + "name": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html", + "refsource": "MISC", + "url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" + }, + { + "name": "GLSA-201707-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-14" + }, + { + "name": "DSA-3943", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3943" + }, + { + "name": "https://dev.gajim.org/gajim/gajim/issues/8378", + "refsource": "MISC", + "url": "https://dev.gajim.org/gajim/gajim/issues/8378" + }, + { + "name": "https://bugs.debian.org/863445", + "refsource": "MISC", + "url": "https://bugs.debian.org/863445" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4080.json b/2016/4xxx/CVE-2016-4080.json index 5f7420d2d4a..47357cc8f50 100644 --- a/2016/4xxx/CVE-2016-4080.json +++ b/2016/4xxx/CVE-2016-4080.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-23.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12242", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12242" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ad097385c05c370440fb810e67f811398efc0ea0", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ad097385c05c370440fb810e67f811398efc0ea0" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "DSA-3585", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3585" - }, - { - "name" : "1035685", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12242", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12242" + }, + { + "name": "1035685", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035685" + }, + { + "name": "DSA-3585", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3585" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-23.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-23.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ad097385c05c370440fb810e67f811398efc0ea0", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ad097385c05c370440fb810e67f811398efc0ea0" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4186.json b/2016/4xxx/CVE-2016-4186.json index 45f411270ba..f93c4198d31 100644 --- a/2016/4xxx/CVE-2016-4186.json +++ b/2016/4xxx/CVE-2016-4186.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91725" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91725" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4248.json b/2016/4xxx/CVE-2016-4248.json index c67106c1c9b..0d695bd9fb8 100644 --- a/2016/4xxx/CVE-2016-4248.json +++ b/2016/4xxx/CVE-2016-4248.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "GLSA-201607-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-03" - }, - { - "name" : "MS16-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91719" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "GLSA-201607-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-03" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91719" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "MS16-093", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4689.json b/2016/4xxx/CVE-2016-4689.json index 67d834915c0..b09bc205a00 100644 --- a/2016/4xxx/CVE-2016-4689.json +++ b/2016/4xxx/CVE-2016-4689.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Mail\" component, which does not alert the user to an S/MIME email signature that used a revoked certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "94850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94850" - }, - { - "name" : "1037429", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Mail\" component, which does not alert the user to an S/MIME email signature that used a revoked certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "1037429", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037429" + }, + { + "name": "94850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94850" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8453.json b/2016/8xxx/CVE-2016-8453.json index 120105c8616..a10a6758d12 100644 --- a/2016/8xxx/CVE-2016-8453.json +++ b/2016/8xxx/CVE-2016-8453.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95240" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9135.json b/2016/9xxx/CVE-2016-9135.json index e4b495d4cb8..dc285b390a6 100644 --- a/2016/9xxx/CVE-2016-9135.json +++ b/2016/9xxx/CVE-2016-9135.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in \"/framework/modules/help/controllers/helpController.php\" affecting the version parameter. Impact is Information Disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db" - }, - { - "name" : "94127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in \"/framework/modules/help/controllers/helpController.php\" affecting the version parameter. Impact is Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db" + }, + { + "name": "94127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94127" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9430.json b/2016/9xxx/CVE-2016-9430.json index 1b256ebd184..bff84390a17 100644 --- a/2016/9xxx/CVE-2016-9430.json +++ b/2016/9xxx/CVE-2016-9430.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/tats/w3m/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/tats/w3m/issues/7", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/7" - }, - { - "name" : "GLSA-201701-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-08" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-08" + }, + { + "name": "https://github.com/tats/w3m/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/blob/master/ChangeLog" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "https://github.com/tats/w3m/issues/7", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/7" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9761.json b/2016/9xxx/CVE-2016-9761.json index a380752ee6f..afd2459b7fc 100644 --- a/2016/9xxx/CVE-2016-9761.json +++ b/2016/9xxx/CVE-2016-9761.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9761", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9761", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9993.json b/2016/9xxx/CVE-2016-9993.json index 2bcc44486c8..fdbb80ba59b 100644 --- a/2016/9xxx/CVE-2016-9993.json +++ b/2016/9xxx/CVE-2016-9993.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LCMS Premier on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.3.0" - }, - { - "version_value" : "9.4.0" - }, - { - "version_value" : "9.5.0" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LCMS Premier on Cloud", + "version": { + "version_data": [ + { + "version_value": "" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.3.0" + }, + { + "version_value": "9.4.0" + }, + { + "version_value": "9.5.0" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21992067", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21992067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21992067", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21992067" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2008.json b/2019/2xxx/CVE-2019-2008.json index 8781fa47529..14b517679cc 100644 --- a/2019/2xxx/CVE-2019-2008.json +++ b/2019/2xxx/CVE-2019-2008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2124.json b/2019/2xxx/CVE-2019-2124.json index 8307cd57035..ee17e36da8f 100644 --- a/2019/2xxx/CVE-2019-2124.json +++ b/2019/2xxx/CVE-2019-2124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2184.json b/2019/2xxx/CVE-2019-2184.json index a4bb50034ab..fb6b45e53f0 100644 --- a/2019/2xxx/CVE-2019-2184.json +++ b/2019/2xxx/CVE-2019-2184.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2184", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2184", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3111.json b/2019/3xxx/CVE-2019-3111.json index c16ee6a12d3..8ed92886b68 100644 --- a/2019/3xxx/CVE-2019-3111.json +++ b/2019/3xxx/CVE-2019-3111.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3111", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3111", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3129.json b/2019/3xxx/CVE-2019-3129.json index 7efe0139ebf..839c4c45f90 100644 --- a/2019/3xxx/CVE-2019-3129.json +++ b/2019/3xxx/CVE-2019-3129.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3129", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3129", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3857.json b/2019/3xxx/CVE-2019-3857.json index ca4e46cd568..48158a6b8d1 100644 --- a/2019/3xxx/CVE-2019-3857.json +++ b/2019/3xxx/CVE-2019-3857.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3857", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3857", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3926.json b/2019/3xxx/CVE-2019-3926.json index 3ed9f6aa083..1ef8e2196bb 100644 --- a/2019/3xxx/CVE-2019-3926.json +++ b/2019/3xxx/CVE-2019-3926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6345.json b/2019/6xxx/CVE-2019-6345.json index 46124b9eb67..414710c2beb 100644 --- a/2019/6xxx/CVE-2019-6345.json +++ b/2019/6xxx/CVE-2019-6345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6345", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6345", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6416.json b/2019/6xxx/CVE-2019-6416.json index c20d1191244..f2e0f4d89b9 100644 --- a/2019/6xxx/CVE-2019-6416.json +++ b/2019/6xxx/CVE-2019-6416.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6652.json b/2019/6xxx/CVE-2019-6652.json index c17bba5a1c2..fec8cdfbe64 100644 --- a/2019/6xxx/CVE-2019-6652.json +++ b/2019/6xxx/CVE-2019-6652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6652", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6652", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6823.json b/2019/6xxx/CVE-2019-6823.json index 38346331381..0888540e8c4 100644 --- a/2019/6xxx/CVE-2019-6823.json +++ b/2019/6xxx/CVE-2019-6823.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6823", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6823", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7624.json b/2019/7xxx/CVE-2019-7624.json index d15593b24c5..f167b88b814 100644 --- a/2019/7xxx/CVE-2019-7624.json +++ b/2019/7xxx/CVE-2019-7624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7792.json b/2019/7xxx/CVE-2019-7792.json index fcd6cd8d139..4dfb43daa9e 100644 --- a/2019/7xxx/CVE-2019-7792.json +++ b/2019/7xxx/CVE-2019-7792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7792", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7792", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7934.json b/2019/7xxx/CVE-2019-7934.json index 5467ab48e3c..1eb151f480a 100644 --- a/2019/7xxx/CVE-2019-7934.json +++ b/2019/7xxx/CVE-2019-7934.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7934", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7934", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7977.json b/2019/7xxx/CVE-2019-7977.json index eab6ad9b5ab..a3eba75e12b 100644 --- a/2019/7xxx/CVE-2019-7977.json +++ b/2019/7xxx/CVE-2019-7977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8706.json b/2019/8xxx/CVE-2019-8706.json index c5cc96e42b0..8cd37e78c77 100644 --- a/2019/8xxx/CVE-2019-8706.json +++ b/2019/8xxx/CVE-2019-8706.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file