diff --git a/2008/2xxx/CVE-2008-2956.json b/2008/2xxx/CVE-2008-2956.json
index a4eb7f78bd1..a52b7a841b2 100644
--- a/2008/2xxx/CVE-2008-2956.json
+++ b/2008/2xxx/CVE-2008-2956.json
@@ -1,17 +1,40 @@
 {
- "data_version": "4.0",
- "data_type": "CVE",
- "data_format": "MITRE",
 "CVE_data_meta": {
- "ID": "CVE-2008-2956",
 "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2008-2956",
 "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2008-2956 pidgin: memory leak in XML parser"
+ "value": "** DISPUTED ** Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details.\""
 }
 ]
 },
@@ -21,108 +44,48 @@
 "description": [
 {
 "lang": "eng",
- "value": "Missing Release of Memory after Effective Lifetime",
- "cweId": "CWE-401"
+ "value": "n/a"
 }
 ]
 }
 ]
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a",
- "version_affected": "="
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
 "references": {
 "reference_data": [
 {
- "url": "http://www.securityfocus.com/bid/29985",
- "refsource": "MISC",
- "name": "http://www.securityfocus.com/bid/29985"
+ "name": "29985",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29985"
 },
 {
- "url": "http://crisp.cs.du.edu/?q=ca2007-1",
- "refsource": "MISC",
- "name": "http://crisp.cs.du.edu/?q=ca2007-1"
+ "name": "[oss-security] 20080627 CVE Request (pidgin)",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3"
 },
 {
- "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2008/06/27/3"
+ "name": "31387",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31387"
 },
 {
- "url": "http://secunia.com/advisories/31387",
- "refsource": "MISC",
- "name": "http://secunia.com/advisories/31387"
+ "name": "20080806 rPSA-2008-0246-1 gaim",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
 },
 {
- "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246",
+ "name": "http://crisp.cs.du.edu/?q=ca2007-1",
 "refsource": "MISC",
- "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
+ "url": "http://crisp.cs.du.edu/?q=ca2007-1"
 },
 {
- "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded",
- "refsource": "MISC",
- "name": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
+ "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
 },
 {
- "url": "https://issues.rpath.com/browse/RPL-2647",
- "refsource": "MISC",
- "name": "https://issues.rpath.com/browse/RPL-2647"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2008-2956",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2008-2956"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453739",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=453739"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "version": "2.0"
+ "name": "https://issues.rpath.com/browse/RPL-2647",
+ "refsource": "CONFIRM",
+ "url": "https://issues.rpath.com/browse/RPL-2647"
 }
 ]
 }
diff --git a/2009/3xxx/CVE-2009-3559.json b/2009/3xxx/CVE-2009-3559.json
index 71cc493d3ae..627f4601411 100644
--- a/2009/3xxx/CVE-2009-3559.json
+++ b/2009/3xxx/CVE-2009-3559.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy."
+ "value": "** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy."
 }
 ]
 },
@@ -67,6 +67,26 @@
 "refsource": "APPLE",
 "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
 },
+ {
+ "name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
+ },
+ {
+ "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
+ },
+ {
+ "name": "MDVSA-2009:302",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
+ },
+ {
+ "name": "http://bugs.php.net/bug.php?id=50063",
+ "refsource": "MISC",
+ "url": "http://bugs.php.net/bug.php?id=50063"
+ },
 {
 "name": "http://www.php.net/ChangeLog-5.php",
 "refsource": "CONFIRM",
@@ -77,30 +97,10 @@
 "refsource": "CONFIRM",
 "url": "http://support.apple.com/kb/HT4077"
 },
- {
- "name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
- },
 {
 "name": "http://www.php.net/releases/5_3_1.php",
 "refsource": "CONFIRM",
 "url": "http://www.php.net/releases/5_3_1.php"
- },
- {
- "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
- },
- {
- "name": "http://bugs.php.net/bug.php?id=50063",
- "refsource": "MISC",
- "url": "http://bugs.php.net/bug.php?id=50063"
- },
- {
- "name": "MDVSA-2009:302",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2532.json b/2010/2xxx/CVE-2010-2532.json
index 4867416e863..93699f95c6f 100644
--- a/2010/2xxx/CVE-2010-2532.json
+++ b/2010/2xxx/CVE-2010-2532.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."
+ "value": "** DISPUTED ** lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."
 }
 ]
 },
@@ -52,21 +52,11 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614608",
- "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614608"
- },
 {
 "name": "[oss-security] 20100715 CVE request: lxsession-logout",
 "refsource": "MLIST",
 "url": "http://www.openwall.com/lists/oss-security/2010/07/15/1"
 },
- {
- "name": "https://bugzilla.novell.com/show_bug.cgi?id=622083",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.novell.com/show_bug.cgi?id=622083"
- },
 {
 "name": "SUSE-SR:2010:014",
 "refsource": "SUSE",
@@ -77,6 +67,16 @@
 "refsource": "MLIST",
 "url": "http://www.openwall.com/lists/oss-security/2010/07/16/4"
 },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614608",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614608"
+ },
+ {
+ "name": "https://bugzilla.novell.com/show_bug.cgi?id=622083",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.novell.com/show_bug.cgi?id=622083"
+ },
 {
 "name": "https://bugzillafiles.novell.org/attachment.cgi?id=375737",
 "refsource": "CONFIRM",
diff --git a/2011/2xxx/CVE-2011-2906.json b/2011/2xxx/CVE-2011-2906.json
index 93a16d1f34c..2164e66efa4 100644
--- a/2011/2xxx/CVE-2011-2906.json
+++ b/2011/2xxx/CVE-2011-2906.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor."
+ "value": "** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor."
 }
 ]
 },
diff --git a/2011/3xxx/CVE-2011-3640.json b/2011/3xxx/CVE-2011-3640.json
index a5478c33910..de1540b0ac9 100644
--- a/2011/3xxx/CVE-2011-3640.json
+++ b/2011/3xxx/CVE-2011-3640.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\""
+ "value": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\""
 }
 ]
 },
@@ -52,16 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=641052",
- "refsource": "MISC",
- "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=641052"
- },
- {
- "name": "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html",
- "refsource": "MISC",
- "url": "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html"
- },
 {
 "name": "openSUSE-SU-2012:0063",
 "refsource": "SUSE",
@@ -82,10 +72,20 @@
 "refsource": "OVAL",
 "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414"
 },
+ {
+ "name": "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html",
+ "refsource": "MISC",
+ "url": "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html"
+ },
 {
 "name": "http://code.google.com/p/chromium/issues/detail?id=97426",
 "refsource": "MISC",
 "url": "http://code.google.com/p/chromium/issues/detail?id=97426"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=641052",
+ "refsource": "MISC",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=641052"
 }
 ]
 }
diff --git a/2012/0xxx/CVE-2012-0039.json b/2012/0xxx/CVE-2012-0039.json
index ffff1b2339d..79e9da214ae 100644
--- a/2012/0xxx/CVE-2012-0039.json
+++ b/2012/0xxx/CVE-2012-0039.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application."
+ "value": "** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application."
 }
 ]
 },
@@ -62,15 +62,15 @@
 "refsource": "MLIST",
 "url": "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html"
 },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772720",
- "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772720"
- },
 {
 "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044",
 "refsource": "MISC",
 "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=772720",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772720"
 }
 ]
 }
diff --git a/2012/2xxx/CVE-2012-2128.json b/2012/2xxx/CVE-2012-2128.json
index 6698e1d35ad..7b91ec6f75b 100644
--- a/2012/2xxx/CVE-2012-2128.json
+++ b/2012/2xxx/CVE-2012-2128.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: \"the exploit code simply uses the XSS hole to extract a valid CSRF token.\""
+ "value": "** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: \"the exploit code simply uses the XSS hole to extract a valid CSRF token.\""
 }
 ]
 },
@@ -62,16 +62,6 @@
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/53041"
 },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=815122",
- "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815122"
- },
- {
- "name": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2488",
- "refsource": "MISC",
- "url": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2488"
- },
 {
 "name": "20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit",
 "refsource": "BUGTRAQ",
@@ -87,15 +77,25 @@
 "refsource": "MLIST",
 "url": "http://www.openwall.com/lists/oss-security/2012/04/22/4"
 },
+ {
+ "name": "48848",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48848"
+ },
+ {
+ "name": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2488",
+ "refsource": "MISC",
+ "url": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2488"
+ },
 {
 "name": "http://ircrash.com/uploads/dokuwiki.txt",
 "refsource": "MISC",
 "url": "http://ircrash.com/uploads/dokuwiki.txt"
 },
 {
- "name": "48848",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/48848"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=815122",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815122"
 }
 ]
 }
diff --git a/2012/2xxx/CVE-2012-2657.json b/2012/2xxx/CVE-2012-2657.json
index ae299d53fe3..6255e9a9fdf 100644
--- a/2012/2xxx/CVE-2012-2657.json
+++ b/2012/2xxx/CVE-2012-2657.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context."
+ "value": "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context."
 }
 ]
 },
diff --git a/2012/2xxx/CVE-2012-2658.json b/2012/2xxx/CVE-2012-2658.json
index 8f438eb4271..c68cee4f4e2 100644
--- a/2012/2xxx/CVE-2012-2658.json
+++ b/2012/2xxx/CVE-2012-2658.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context."
+ "value": "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context."
 }
 ]
 },
diff --git a/2012/5xxx/CVE-2012-5613.json b/2012/5xxx/CVE-2012-5613.json
index 1c4650a9101..f07ba5f5b6b 100644
--- a/2012/5xxx/CVE-2012-5613.json
+++ b/2012/5xxx/CVE-2012-5613.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue."
+ "value": "** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue."
 }
 ]
 },
diff --git a/2013/0xxx/CVE-2013-0346.json b/2013/0xxx/CVE-2013-0346.json
index b31b1a8d9eb..7098b3d38d6 100644
--- a/2013/0xxx/CVE-2013-0346.json
+++ b/2013/0xxx/CVE-2013-0346.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated \"The tomcat log directory does not contain any sensitive information.\""
+ "value": "** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated \"The tomcat log directory does not contain any sensitive information.\""
 }
 ]
 },
@@ -52,15 +52,15 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=924841",
- "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924841"
- },
 {
 "name": "[oss-security] 20130222 Re: Cve request: tomcat world-readable logdir",
 "refsource": "MLIST",
 "url": "http://www.openwall.com/lists/oss-security/2013/02/23/5"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=924841",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924841"
 }
 ]
 }
diff --git a/2015/10xxx/CVE-2015-10079.json b/2015/10xxx/CVE-2015-10079.json
new file mode 100644
index 00000000000..61084d1b99f
--- /dev/null
+++ b/2015/10xxx/CVE-2015-10079.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-10079",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5215.json b/2015/5xxx/CVE-2015-5215.json
index e360b1435e9..4d56e3849b0 100644
--- a/2015/5xxx/CVE-2015-5215.json
+++ b/2015/5xxx/CVE-2015-5215.json
@@ -54,13 +54,13 @@
 "reference_data": [
 {
 "refsource": "MISC",
- "name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
- "url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
+ "name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
+ "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
 },
 {
 "refsource": "MISC",
- "name": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16",
- "url": "https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16"
+ "name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
+ "url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
 },
 {
 "refsource": "MISC",