From 6b4de236ea1e87162e6fc79b439cbab151eab092 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:23:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2578.json | 150 +++++++++--------- 2007/2xxx/CVE-2007-2762.json | 210 ++++++++++++------------- 2007/3xxx/CVE-2007-3041.json | 190 +++++++++++----------- 2007/3xxx/CVE-2007-3046.json | 140 ++++++++--------- 2007/3xxx/CVE-2007-3055.json | 180 ++++++++++----------- 2007/3xxx/CVE-2007-3341.json | 130 +++++++-------- 2007/3xxx/CVE-2007-3522.json | 190 +++++++++++----------- 2007/3xxx/CVE-2007-3564.json | 220 +++++++++++++------------- 2007/4xxx/CVE-2007-4600.json | 150 +++++++++--------- 2007/4xxx/CVE-2007-4664.json | 210 ++++++++++++------------- 2007/4xxx/CVE-2007-4733.json | 150 +++++++++--------- 2007/4xxx/CVE-2007-4831.json | 160 +++++++++---------- 2007/6xxx/CVE-2007-6242.json | 280 ++++++++++++++++----------------- 2007/6xxx/CVE-2007-6323.json | 170 ++++++++++---------- 2007/6xxx/CVE-2007-6592.json | 150 +++++++++--------- 2007/6xxx/CVE-2007-6722.json | 130 +++++++-------- 2010/1xxx/CVE-2010-1566.json | 34 ++-- 2010/1xxx/CVE-2010-1595.json | 160 +++++++++---------- 2010/1xxx/CVE-2010-1712.json | 190 +++++++++++----------- 2010/1xxx/CVE-2010-1886.json | 140 ++++++++--------- 2010/1xxx/CVE-2010-1902.json | 140 ++++++++--------- 2014/0xxx/CVE-2014-0201.json | 120 +++++++------- 2014/0xxx/CVE-2014-0319.json | 120 +++++++------- 2014/0xxx/CVE-2014-0586.json | 130 +++++++-------- 2014/0xxx/CVE-2014-0735.json | 150 +++++++++--------- 2014/1xxx/CVE-2014-1332.json | 34 ++-- 2014/1xxx/CVE-2014-1535.json | 34 ++-- 2014/5xxx/CVE-2014-5104.json | 130 +++++++-------- 2014/5xxx/CVE-2014-5359.json | 130 +++++++-------- 2014/5xxx/CVE-2014-5536.json | 140 ++++++++--------- 2014/5xxx/CVE-2014-5654.json | 140 ++++++++--------- 2014/5xxx/CVE-2014-5987.json | 140 ++++++++--------- 2015/2xxx/CVE-2015-2239.json | 150 +++++++++--------- 2015/2xxx/CVE-2015-2588.json | 130 +++++++-------- 2015/2xxx/CVE-2015-2846.json | 130 +++++++-------- 2016/10xxx/CVE-2016-10515.json | 120 +++++++------- 2016/10xxx/CVE-2016-10616.json | 122 +++++++------- 2016/10xxx/CVE-2016-10652.json | 122 +++++++------- 2016/3xxx/CVE-2016-3167.json | 150 +++++++++--------- 2016/4xxx/CVE-2016-4403.json | 140 ++++++++--------- 2016/4xxx/CVE-2016-4888.json | 150 +++++++++--------- 2016/8xxx/CVE-2016-8207.json | 150 +++++++++--------- 2016/8xxx/CVE-2016-8439.json | 130 +++++++-------- 2016/8xxx/CVE-2016-8898.json | 34 ++-- 2016/8xxx/CVE-2016-8994.json | 34 ++-- 2016/9xxx/CVE-2016-9760.json | 34 ++-- 2016/9xxx/CVE-2016-9971.json | 34 ++-- 2016/9xxx/CVE-2016-9979.json | 130 +++++++-------- 2016/9xxx/CVE-2016-9981.json | 160 +++++++++---------- 2019/2xxx/CVE-2019-2170.json | 34 ++-- 2019/2xxx/CVE-2019-2188.json | 34 ++-- 2019/2xxx/CVE-2019-2314.json | 34 ++-- 2019/2xxx/CVE-2019-2471.json | 148 ++++++++--------- 2019/2xxx/CVE-2019-2815.json | 34 ++-- 2019/3xxx/CVE-2019-3029.json | 34 ++-- 2019/3xxx/CVE-2019-3536.json | 34 ++-- 2019/6xxx/CVE-2019-6174.json | 34 ++-- 2019/6xxx/CVE-2019-6542.json | 34 ++-- 2019/6xxx/CVE-2019-6556.json | 34 ++-- 2019/7xxx/CVE-2019-7396.json | 140 ++++++++--------- 2019/7xxx/CVE-2019-7663.json | 140 ++++++++--------- 2019/7xxx/CVE-2019-7831.json | 34 ++-- 2019/7xxx/CVE-2019-7983.json | 34 ++-- 63 files changed, 3732 insertions(+), 3732 deletions(-) diff --git a/2007/2xxx/CVE-2007-2578.json b/2007/2xxx/CVE-2007-2578.json index 1ce7f845963..8e6e755f745 100644 --- a/2007/2xxx/CVE-2007-2578.json +++ b/2007/2xxx/CVE-2007-2578.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to \"Cookie Manipulation\", via the form[search_term] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070505 ACP3 (v4.0b3) - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467746/100/0/threaded" - }, - { - "name" : "23834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23834" - }, - { - "name" : "36183", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36183" - }, - { - "name" : "2686", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to \"Cookie Manipulation\", via the form[search_term] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2686", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2686" + }, + { + "name": "23834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23834" + }, + { + "name": "20070505 ACP3 (v4.0b3) - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467746/100/0/threaded" + }, + { + "name": "36183", + "refsource": "OSVDB", + "url": "http://osvdb.org/36183" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2762.json b/2007/2xxx/CVE-2007-2762.json index 125a59a1f29..afd5e60dbf7 100644 --- a/2007/2xxx/CVE-2007-2762.json +++ b/2007/2xxx/CVE-2007-2762.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3947", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3947" - }, - { - "name" : "24045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24045" - }, - { - "name" : "37949", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37949" - }, - { - "name" : "37950", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37950" - }, - { - "name" : "37951", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37951" - }, - { - "name" : "37952", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37952" - }, - { - "name" : "37953", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37953" - }, - { - "name" : "37954", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37954" - }, - { - "name" : "37955", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37955" - }, - { - "name" : "bif-multiple-file-include(34362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37952", + "refsource": "OSVDB", + "url": "http://osvdb.org/37952" + }, + { + "name": "37950", + "refsource": "OSVDB", + "url": "http://osvdb.org/37950" + }, + { + "name": "37949", + "refsource": "OSVDB", + "url": "http://osvdb.org/37949" + }, + { + "name": "3947", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3947" + }, + { + "name": "37955", + "refsource": "OSVDB", + "url": "http://osvdb.org/37955" + }, + { + "name": "37954", + "refsource": "OSVDB", + "url": "http://osvdb.org/37954" + }, + { + "name": "24045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24045" + }, + { + "name": "37951", + "refsource": "OSVDB", + "url": "http://osvdb.org/37951" + }, + { + "name": "bif-multiple-file-include(34362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34362" + }, + { + "name": "37953", + "refsource": "OSVDB", + "url": "http://osvdb.org/37953" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3041.json b/2007/3xxx/CVE-2007-3041.json index 9315ca96e37..ab0e704e298 100644 --- a/2007/3xxx/CVE-2007-3041.json +++ b/2007/3xxx/CVE-2007-3041.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka \"ActiveX Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-3041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS07-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" - }, - { - "name" : "TA07-226A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" - }, - { - "name" : "25295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25295" - }, - { - "name" : "ADV-2007-2869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2869" - }, - { - "name" : "36395", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36395" - }, - { - "name" : "oval:org.mitre.oval:def:2232", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2232" - }, - { - "name" : "1018562", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018562" - }, - { - "name" : "26419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka \"ActiveX Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36395", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36395" + }, + { + "name": "MS07-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045" + }, + { + "name": "TA07-226A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" + }, + { + "name": "oval:org.mitre.oval:def:2232", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2232" + }, + { + "name": "ADV-2007-2869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2869" + }, + { + "name": "26419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26419" + }, + { + "name": "1018562", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018562" + }, + { + "name": "25295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25295" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3046.json b/2007/3xxx/CVE-2007-3046.json index f70ff746f08..874d625d55b 100644 --- a/2007/3xxx/CVE-2007-3046.json +++ b/2007/3xxx/CVE-2007-3046.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Vortex] 20070530 [ANN] Vortex Library 1.0.3 \"Hands open release\" is ready!", - "refsource" : "MLIST", - "url" : "http://lists.aspl.es/pipermail/vortex/2007-May/000152.html" - }, - { - "name" : "36819", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36819" - }, - { - "name" : "25442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36819", + "refsource": "OSVDB", + "url": "http://osvdb.org/36819" + }, + { + "name": "25442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25442" + }, + { + "name": "[Vortex] 20070530 [ANN] Vortex Library 1.0.3 \"Hands open release\" is ready!", + "refsource": "MLIST", + "url": "http://lists.aspl.es/pipermail/vortex/2007-May/000152.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3055.json b/2007/3xxx/CVE-2007-3055.json index 01d2aa6e84d..534254807c9 100644 --- a/2007/3xxx/CVE-2007-3055.json +++ b/2007/3xxx/CVE-2007-3055.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070602 Linker index.php - Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470346/100/0/threaded" - }, - { - "name" : "24277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24277" - }, - { - "name" : "38374", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38374" - }, - { - "name" : "ADV-2007-2039", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2039" - }, - { - "name" : "36413", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36413" - }, - { - "name" : "25517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25517" - }, - { - "name" : "linker-index-search-xss(34695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36413", + "refsource": "OSVDB", + "url": "http://osvdb.org/36413" + }, + { + "name": "24277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24277" + }, + { + "name": "ADV-2007-2039", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2039" + }, + { + "name": "linker-index-search-xss(34695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34695" + }, + { + "name": "20070602 Linker index.php - Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470346/100/0/threaded" + }, + { + "name": "38374", + "refsource": "OSVDB", + "url": "http://osvdb.org/38374" + }, + { + "name": "25517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25517" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3341.json b/2007/3xxx/CVE-2007-3341.json index 0d6638dec53..ee34703a23c 100644 --- a/2007/3xxx/CVE-2007-3341.json +++ b/2007/3xxx/CVE-2007-3341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to \"see a valid memory address\" via unspecified vectors, a different issue than CVE-2007-0217." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" - }, - { - "name" : "36398", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to \"see a valid memory address\" via unspecified vectors, a different issue than CVE-2007-0217." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" + }, + { + "name": "36398", + "refsource": "OSVDB", + "url": "http://osvdb.org/36398" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3522.json b/2007/3xxx/CVE-2007-3522.json index fed3f795c7c..6e1c5590297 100644 --- a/2007/3xxx/CVE-2007-3522.json +++ b/2007/3xxx/CVE-2007-3522.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4132", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4132" - }, - { - "name" : "24727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24727" - }, - { - "name" : "ADV-2007-2408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2408" - }, - { - "name" : "38964", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38964" - }, - { - "name" : "38965", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38965" - }, - { - "name" : "38966", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38966" - }, - { - "name" : "38967", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38967" - }, - { - "name" : "sphpell-spellincpath-file-include(35194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24727" + }, + { + "name": "ADV-2007-2408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2408" + }, + { + "name": "sphpell-spellincpath-file-include(35194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35194" + }, + { + "name": "38966", + "refsource": "OSVDB", + "url": "http://osvdb.org/38966" + }, + { + "name": "38967", + "refsource": "OSVDB", + "url": "http://osvdb.org/38967" + }, + { + "name": "4132", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4132" + }, + { + "name": "38964", + "refsource": "OSVDB", + "url": "http://osvdb.org/38964" + }, + { + "name": "38965", + "refsource": "OSVDB", + "url": "http://osvdb.org/38965" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3564.json b/2007/3xxx/CVE-2007-3564.json index a987f3ff02b..8f00fc38047 100644 --- a/2007/3xxx/CVE-2007-3564.json +++ b/2007/3xxx/CVE-2007-3564.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2007-3564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.curl.haxx.se/docs/adv_20070710.html", - "refsource" : "MISC", - "url" : "http://www.curl.haxx.se/docs/adv_20070710.html" - }, - { - "name" : "DSA-1333", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1333" - }, - { - "name" : "2007-0023", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0023/" - }, - { - "name" : "USN-484-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-484-1" - }, - { - "name" : "24938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24938" - }, - { - "name" : "ADV-2007-2551", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2551" - }, - { - "name" : "26104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26104" - }, - { - "name" : "26108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26108" - }, - { - "name" : "26128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26128" - }, - { - "name" : "26231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26231" - }, - { - "name" : "libcurl-gnutls-weak-security(35479)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26231" + }, + { + "name": "ADV-2007-2551", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2551" + }, + { + "name": "26128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26128" + }, + { + "name": "26108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26108" + }, + { + "name": "24938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24938" + }, + { + "name": "2007-0023", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0023/" + }, + { + "name": "26104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26104" + }, + { + "name": "USN-484-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-484-1" + }, + { + "name": "libcurl-gnutls-weak-security(35479)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35479" + }, + { + "name": "http://www.curl.haxx.se/docs/adv_20070710.html", + "refsource": "MISC", + "url": "http://www.curl.haxx.se/docs/adv_20070710.html" + }, + { + "name": "DSA-1333", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1333" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4600.json b/2007/4xxx/CVE-2007-4600.json index 19b1466d77a..d8880b73f45 100644 --- a/2007/4xxx/CVE-2007-4600.json +++ b/2007/4xxx/CVE-2007-4600.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Protect Worksheet\" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071016 CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482341/100/0/threaded" - }, - { - "name" : "43764", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43764" - }, - { - "name" : "3248", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3248" - }, - { - "name" : "mathcad-xmcdz-security-bypass(37263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Protect Worksheet\" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43764", + "refsource": "OSVDB", + "url": "http://osvdb.org/43764" + }, + { + "name": "3248", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3248" + }, + { + "name": "mathcad-xmcdz-security-bypass(37263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37263" + }, + { + "name": "20071016 CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482341/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4664.json b/2007/4xxx/CVE-2007-4664.json index 04d2607f179..f33a71d1411 100644 --- a/2007/4xxx/CVE-2007-4664.json +++ b/2007/4xxx/CVE-2007-4664.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tracker.firebirdsql.org/browse/CORE-1405", - "refsource" : "MISC", - "url" : "http://tracker.firebirdsql.org/browse/CORE-1405" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=535898", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=535898" - }, - { - "name" : "http://www.firebirdsql.org/index.php?op=files&id=engine_202", - "refsource" : "CONFIRM", - "url" : "http://www.firebirdsql.org/index.php?op=files&id=engine_202" - }, - { - "name" : "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" - }, - { - "name" : "DSA-1529", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1529" - }, - { - "name" : "25497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25497" - }, - { - "name" : "ADV-2007-3021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3021" - }, - { - "name" : "26615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26615" - }, - { - "name" : "29501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29501" - }, - { - "name" : "firebird-maxpathlen-unspecified(36359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tracker.firebirdsql.org/browse/CORE-1405", + "refsource": "MISC", + "url": "http://tracker.firebirdsql.org/browse/CORE-1405" + }, + { + "name": "25497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25497" + }, + { + "name": "ADV-2007-3021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3021" + }, + { + "name": "26615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26615" + }, + { + "name": "http://www.firebirdsql.org/index.php?op=files&id=engine_202", + "refsource": "CONFIRM", + "url": "http://www.firebirdsql.org/index.php?op=files&id=engine_202" + }, + { + "name": "29501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29501" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" + }, + { + "name": "DSA-1529", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1529" + }, + { + "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", + "refsource": "CONFIRM", + "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" + }, + { + "name": "firebird-maxpathlen-unspecified(36359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4733.json b/2007/4xxx/CVE-2007-4733.json index 5c7be935043..0c3420aaaf0 100644 --- a/2007/4xxx/CVE-2007-4733.json +++ b/2007/4xxx/CVE-2007-4733.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070830 Aztech router DSL600EU IP and ARP spoof", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478314/100/0/threaded" - }, - { - "name" : "45877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45877" - }, - { - "name" : "1018641", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018641" - }, - { - "name" : "3093", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3093", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3093" + }, + { + "name": "1018641", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018641" + }, + { + "name": "45877", + "refsource": "OSVDB", + "url": "http://osvdb.org/45877" + }, + { + "name": "20070830 Aztech router DSL600EU IP and ARP spoof", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4831.json b/2007/4xxx/CVE-2007-4831.json index efe28fba01d..4ad5de11ded 100644 --- a/2007/4xxx/CVE-2007-4831.json +++ b/2007/4xxx/CVE-2007-4831.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.telspace.co.za/press-030.php", - "refsource" : "MISC", - "url" : "http://www.telspace.co.za/press-030.php" - }, - { - "name" : "25616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25616" - }, - { - "name" : "37073", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37073" - }, - { - "name" : "26551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26551" - }, - { - "name" : "torrenttrader-accountsettings-xss(36531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "torrenttrader-accountsettings-xss(36531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36531" + }, + { + "name": "26551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26551" + }, + { + "name": "37073", + "refsource": "OSVDB", + "url": "http://osvdb.org/37073" + }, + { + "name": "http://www.telspace.co.za/press-030.php", + "refsource": "MISC", + "url": "http://www.telspace.co.za/press-030.php" + }, + { + "name": "25616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25616" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6242.json b/2007/6xxx/CVE-2007-6242.json index 797bf6fa292..5048e95f20e 100644 --- a/2007/6xxx/CVE-2007-6242.json +++ b/2007/6xxx/CVE-2007-6242.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to \"input validation errors.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-20.html" - }, - { - "name" : "GLSA-200801-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml" - }, - { - "name" : "RHSA-2007:1126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1126.html" - }, - { - "name" : "238305", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" - }, - { - "name" : "SUSE-SA:2007:069", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html" - }, - { - "name" : "TA07-355A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-355A.html" - }, - { - "name" : "26951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26951" - }, - { - "name" : "oval:org.mitre.oval:def:9188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9188" - }, - { - "name" : "ADV-2007-4258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4258" - }, - { - "name" : "ADV-2008-1724", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1724/references" - }, - { - "name" : "1019116", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019116" - }, - { - "name" : "28157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28157" - }, - { - "name" : "28161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28161" - }, - { - "name" : "28570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28570" - }, - { - "name" : "28213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28213" - }, - { - "name" : "30507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30507" - }, - { - "name" : "adobe-swf-code-execution(39128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to \"input validation errors.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2007:069", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html" + }, + { + "name": "28157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28157" + }, + { + "name": "30507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30507" + }, + { + "name": "28570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28570" + }, + { + "name": "ADV-2008-1724", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1724/references" + }, + { + "name": "TA07-355A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html" + }, + { + "name": "adobe-swf-code-execution(39128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39128" + }, + { + "name": "26951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26951" + }, + { + "name": "GLSA-200801-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml" + }, + { + "name": "oval:org.mitre.oval:def:9188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9188" + }, + { + "name": "28161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28161" + }, + { + "name": "RHSA-2007:1126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1126.html" + }, + { + "name": "238305", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" + }, + { + "name": "ADV-2007-4258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4258" + }, + { + "name": "1019116", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019116" + }, + { + "name": "28213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28213" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-20.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6323.json b/2007/6xxx/CVE-2007-6323.json index 7fd1c79980c..7897057a475 100644 --- a/2007/6xxx/CVE-2007-6323.json +++ b/2007/6xxx/CVE-2007-6323.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4728", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4728" - }, - { - "name" : "26852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26852" - }, - { - "name" : "39148", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39148" - }, - { - "name" : "39149", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39149" - }, - { - "name" : "28075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28075" - }, - { - "name" : "mmsgallery-id-directory-traversal(39014)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39148", + "refsource": "OSVDB", + "url": "http://osvdb.org/39148" + }, + { + "name": "26852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26852" + }, + { + "name": "mmsgallery-id-directory-traversal(39014)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39014" + }, + { + "name": "28075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28075" + }, + { + "name": "39149", + "refsource": "OSVDB", + "url": "http://osvdb.org/39149" + }, + { + "name": "4728", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4728" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6592.json b/2007/6xxx/CVE-2007-6592.json index 838803ee007..d96a311b6c3 100644 --- a/2007/6xxx/CVE-2007-6592.json +++ b/2007/6xxx/CVE-2007-6592.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483929/100/100/threaded" - }, - { - "name" : "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483937/100/100/threaded" - }, - { - "name" : "http://nils.toedtmann.net/pub/subjectAltName.txt", - "refsource" : "MISC", - "url" : "http://nils.toedtmann.net/pub/subjectAltName.txt" - }, - { - "name" : "3498", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3498", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3498" + }, + { + "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded" + }, + { + "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded" + }, + { + "name": "http://nils.toedtmann.net/pub/subjectAltName.txt", + "refsource": "MISC", + "url": "http://nils.toedtmann.net/pub/subjectAltName.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6722.json b/2007/6xxx/CVE-2007-6722.json index e5e5309adec..04aabff8fd7 100644 --- a/2007/6xxx/CVE-2007-6722.json +++ b/2007/6xxx/CVE-2007-6722.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/talk/Oct-2007/msg00291.html" - }, - { - "name" : "vidalia-enableremotetoggle-security-bypass(50066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-talk] 20071031 Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/talk/Oct-2007/msg00291.html" + }, + { + "name": "vidalia-enableremotetoggle-security-bypass(50066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50066" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1566.json b/2010/1xxx/CVE-2010-1566.json index 473d7630895..4df80de6a37 100644 --- a/2010/1xxx/CVE-2010-1566.json +++ b/2010/1xxx/CVE-2010-1566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1595.json b/2010/1xxx/CVE-2010-1595.json index 21da36a04e9..d01ab9aaa13 100644 --- a/2010/1xxx/CVE-2010-1595.json +++ b/2010/1xxx/CVE-2010-1595.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt" - }, - { - "name" : "MDVSA-2010:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178" - }, - { - "name" : "61942", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61942" - }, - { - "name" : "38311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38311" - }, - { - "name" : "ocsinventoryng-index-sql-injection(55872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38311" + }, + { + "name": "MDVSA-2010:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178" + }, + { + "name": "ocsinventoryng-index-sql-injection(55872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt" + }, + { + "name": "61942", + "refsource": "OSVDB", + "url": "http://osvdb.org/61942" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1712.json b/2010/1xxx/CVE-2010-1712.json index 21ed7cfbfe0..4ff264aea8e 100644 --- a/2010/1xxx/CVE-2010-1712.json +++ b/2010/1xxx/CVE-2010-1712.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://inj3ct0r.com/exploits/11914", - "refsource" : "MISC", - "url" : "http://inj3ct0r.com/exploits/11914" - }, - { - "name" : "12323", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12323" - }, - { - "name" : "http://www.hack0wn.com/view.php?xroot=1310.0&cat=exploits", - "refsource" : "MISC", - "url" : "http://www.hack0wn.com/view.php?xroot=1310.0&cat=exploits" - }, - { - "name" : "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm", - "refsource" : "MISC", - "url" : "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm" - }, - { - "name" : "39626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39626" - }, - { - "name" : "63973", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63973" - }, - { - "name" : "39516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39516" - }, - { - "name" : "wbnews-comments-xss(58025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wbnews-comments-xss(58025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58025" + }, + { + "name": "http://inj3ct0r.com/exploits/11914", + "refsource": "MISC", + "url": "http://inj3ct0r.com/exploits/11914" + }, + { + "name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm", + "refsource": "MISC", + "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability44.htm" + }, + { + "name": "12323", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12323" + }, + { + "name": "http://www.hack0wn.com/view.php?xroot=1310.0&cat=exploits", + "refsource": "MISC", + "url": "http://www.hack0wn.com/view.php?xroot=1310.0&cat=exploits" + }, + { + "name": "39516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39516" + }, + { + "name": "63973", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63973" + }, + { + "name": "39626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39626" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1886.json b/2010/1xxx/CVE-2010-1886.json index 0a7f6bbd152..5c0bcea7e12 100644 --- a/2010/1xxx/CVE-2010-1886.json +++ b/2010/1xxx/CVE-2010-1886.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a \"security boundary.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.microsoft.com/technet/security/advisory/2264072.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/2264072.mspx" - }, - { - "name" : "2264072", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/2264072" - }, - { - "name" : "982316", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/982316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a \"security boundary.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2264072", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/2264072" + }, + { + "name": "982316", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/982316" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/2264072.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/2264072.mspx" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1902.json b/2010/1xxx/CVE-2010-1902.json index 441c24f92a1..05542a7625b 100644 --- a/2010/1xxx/CVE-2010-1902.json +++ b/2010/1xxx/CVE-2010-1902.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka \"Word RTF Parsing Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11472", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka \"Word RTF Parsing Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056" + }, + { + "name": "oval:org.mitre.oval:def:11472", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0201.json b/2014/0xxx/CVE-2014-0201.json index a00c487219f..4078c55bd8d 100644 --- a/2014/0xxx/CVE-2014-0201.json +++ b/2014/0xxx/CVE-2014-0201.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:0558", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0558.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0558", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0319.json b/2014/0xxx/CVE-2014-0319.json index 91339677b3f..912a2693ec4 100644 --- a/2014/0xxx/CVE-2014-0319.json +++ b/2014/0xxx/CVE-2014-0319.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka \"Silverlight DEP/ASLR Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka \"Silverlight DEP/ASLR Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-014" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0586.json b/2014/0xxx/CVE-2014-0586.json index c7944b9476d..e71145997ce 100644 --- a/2014/0xxx/CVE-2014-0586.json +++ b/2014/0xxx/CVE-2014-0586.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0735.json b/2014/0xxx/CVE-2014-0735.json index 1428f5691e4..d5196be8e41 100644 --- a/2014/0xxx/CVE-2014-0735.json +++ b/2014/0xxx/CVE-2014-0735.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912" - }, - { - "name" : "20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735" - }, - { - "name" : "65641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65641" - }, - { - "name" : "1029793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912" + }, + { + "name": "65641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65641" + }, + { + "name": "1029793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029793" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1332.json b/2014/1xxx/CVE-2014-1332.json index 946af1694de..87356aa7b84 100644 --- a/2014/1xxx/CVE-2014-1332.json +++ b/2014/1xxx/CVE-2014-1332.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1332", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1332", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1535.json b/2014/1xxx/CVE-2014-1535.json index 3d2d7299842..3468acdb1a5 100644 --- a/2014/1xxx/CVE-2014-1535.json +++ b/2014/1xxx/CVE-2014-1535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5104.json b/2014/5xxx/CVE-2014-5104.json index 29ea90de27a..a9327ebcd02 100644 --- a/2014/5xxx/CVE-2014-5104.json +++ b/2014/5xxx/CVE-2014-5104.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "68719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127521/OL-Commerce-2.1.1-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "68719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68719" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5359.json b/2014/5xxx/CVE-2014-5359.json index 0cc718d40b1..b1d859ebc5d 100644 --- a/2014/5xxx/CVE-2014-5359.json +++ b/2014/5xxx/CVE-2014-5359.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://appcheck-ng.com/safenet-sas-owa-agent-directory-traversal-vulnerability/", - "refsource" : "MISC", - "url" : "http://appcheck-ng.com/safenet-sas-owa-agent-directory-traversal-vulnerability/" - }, - { - "name" : "http://www.safenet-inc.com/technical-support/security-updates/", - "refsource" : "MISC", - "url" : "http://www.safenet-inc.com/technical-support/security-updates/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.safenet-inc.com/technical-support/security-updates/", + "refsource": "MISC", + "url": "http://www.safenet-inc.com/technical-support/security-updates/" + }, + { + "name": "http://appcheck-ng.com/safenet-sas-owa-agent-directory-traversal-vulnerability/", + "refsource": "MISC", + "url": "http://appcheck-ng.com/safenet-sas-owa-agent-directory-traversal-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5536.json b/2014/5xxx/CVE-2014-5536.json index 6c9c4b4d525..8d42265bd66 100644 --- a/2014/5xxx/CVE-2014-5536.json +++ b/2014/5xxx/CVE-2014-5536.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#960369", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/960369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#960369", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/960369" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5654.json b/2014/5xxx/CVE-2014-5654.json index ce51783f580..700c3ae2b1f 100644 --- a/2014/5xxx/CVE-2014-5654.json +++ b/2014/5xxx/CVE-2014-5654.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#218177", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/218177" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#218177", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/218177" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5987.json b/2014/5xxx/CVE-2014-5987.json index d82bd6496d7..260aabd5703 100644 --- a/2014/5xxx/CVE-2014-5987.json +++ b/2014/5xxx/CVE-2014-5987.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The My3 - by 3HK (aka com.my3) application @7F0A0001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#336537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/336537" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The My3 - by 3HK (aka com.my3) application @7F0A0001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#336537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/336537" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2239.json b/2015/2xxx/CVE-2015-2239.json index f44f8077fcd..4dfc96dff31 100644 --- a/2015/2xxx/CVE-2015-2239.json +++ b/2015/2xxx/CVE-2015-2239.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the \"1993 search\" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=256724", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=256724" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=463349", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=463349" - }, - { - "name" : "74855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the \"1993 search\" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74855" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=256724", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=256724" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=463349", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=463349" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2588.json b/2015/2xxx/CVE-2015-2588.json index a57d3b60610..1578b7a5dfa 100644 --- a/2015/2xxx/CVE-2015-2588.json +++ b/2015/2xxx/CVE-2015-2588.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032917", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032917", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032917" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2846.json b/2015/2xxx/CVE-2015-2846.json index a5994425cf9..f2b38936bed 100644 --- a/2015/2xxx/CVE-2015-2846.json +++ b/2015/2xxx/CVE-2015-2846.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-115/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-115/" - }, - { - "name" : "73906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73906" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-115/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-115/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10515.json b/2016/10xxx/CVE-2016-10515.json index 90fd79e1ad1..9d881d55e92 100644 --- a/2016/10xxx/CVE-2016-10515.json +++ b/2016/10xxx/CVE-2016-10515.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", - "refsource" : "CONFIRM", - "url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", + "refsource": "CONFIRM", + "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10616.json b/2016/10xxx/CVE-2016-10616.json index 33fb7c4b7ed..6377cb6dd0b 100644 --- a/2016/10xxx/CVE-2016-10616.json +++ b/2016/10xxx/CVE-2016-10616.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openframe-image node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openframe-image node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/218", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/218", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/218" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10652.json b/2016/10xxx/CVE-2016-10652.json index 917e7ef7379..b9e268f99ea 100644 --- a/2016/10xxx/CVE-2016-10652.json +++ b/2016/10xxx/CVE-2016-10652.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "prebuild-lwip node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "prebuild-lwip node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/248", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/248", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/248" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3167.json b/2016/3xxx/CVE-2016-3167.json index 3dfd18d513f..6b12615d170 100644 --- a/2016/3xxx/CVE-2016-3167.json +++ b/2016/3xxx/CVE-2016-3167.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the \"destination\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/19" - }, - { - "name" : "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/15/10" - }, - { - "name" : "https://www.drupal.org/SA-CORE-2016-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2016-001" - }, - { - "name" : "DSA-3498", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the \"destination\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160224 CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/19" + }, + { + "name": "[oss-security] 20160315 Re: CVE requests for Drupal core (SA-CORE-2016-001)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/15/10" + }, + { + "name": "DSA-3498", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3498" + }, + { + "name": "https://www.drupal.org/SA-CORE-2016-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2016-001" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4403.json b/2016/4xxx/CVE-2016-4403.json index 1a98b644330..342b8898881 100644 --- a/2016/4xxx/CVE-2016-4403.json +++ b/2016/4xxx/CVE-2016-4403.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2016-4403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HP Keyview", - "version" : { - "version_data" : [ - { - "version_value" : "earlier than v11.2" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution via memory corruption" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2016-4403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP Keyview", + "version": { + "version_data": [ + { + "version_value": "earlier than v11.2" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325836", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325836" - }, - { - "name" : "94184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94184" - }, - { - "name" : "1037235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution via memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325836", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05325836" + }, + { + "name": "94184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94184" + }, + { + "name": "1037235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037235" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4888.json b/2016/4xxx/CVE-2016-4888.json index 2f27d732a1e..84e1f9c0b95 100644 --- a/2016/4xxx/CVE-2016-4888.json +++ b/2016/4xxx/CVE-2016-4888.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/service-desk/readme-9.2.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/service-desk/readme-9.2.html" - }, - { - "name" : "JVN#50347324", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN50347324/index.html" - }, - { - "name" : "JVNDB-2016-000169", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000169.html" - }, - { - "name" : "93214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93214" + }, + { + "name": "JVN#50347324", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN50347324/index.html" + }, + { + "name": "https://www.manageengine.com/products/service-desk/readme-9.2.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/service-desk/readme-9.2.html" + }, + { + "name": "JVNDB-2016-000169", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000169.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8207.json b/2016/8xxx/CVE-2016-8207.json index 5da5dd82422..e8ccdef1082 100644 --- a/2016/8xxx/CVE-2016-8207.json +++ b/2016/8xxx/CVE-2016-8207.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2016-8207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade Network Advisor versions released prior to and including 14.0.2", - "version" : { - "version_data" : [ - { - "version_value" : "Brocade Network Advisor versions released prior to and including 14.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2016-8207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade Network Advisor versions released prior to and including 14.0.2", + "version": { + "version_data": [ + { + "version_value": "Brocade Network Advisor versions released prior to and including 14.0.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-052", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-052" - }, - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us" - }, - { - "name" : "95691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95691" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-052", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-052" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us" + }, + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8439.json b/2016/8xxx/CVE-2016-8439.json index 784c9afa88f..ad64453841a 100644 --- a/2016/8xxx/CVE-2016-8439.json +++ b/2016/8xxx/CVE-2016-8439.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95227" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8898.json b/2016/8xxx/CVE-2016-8898.json index 52043e79521..09a7f9a1971 100644 --- a/2016/8xxx/CVE-2016-8898.json +++ b/2016/8xxx/CVE-2016-8898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8994.json b/2016/8xxx/CVE-2016-8994.json index e67c6962faf..51e61c7f0e5 100644 --- a/2016/8xxx/CVE-2016-8994.json +++ b/2016/8xxx/CVE-2016-8994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8994", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8994", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9760.json b/2016/9xxx/CVE-2016-9760.json index 5e91b9d08e4..b0103502cb6 100644 --- a/2016/9xxx/CVE-2016-9760.json +++ b/2016/9xxx/CVE-2016-9760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9760", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9760", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9971.json b/2016/9xxx/CVE-2016-9971.json index 4cc62a74ab1..23c2af1fc9a 100644 --- a/2016/9xxx/CVE-2016-9971.json +++ b/2016/9xxx/CVE-2016-9971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9979.json b/2016/9xxx/CVE-2016-9979.json index d7d7ca1d9e1..cb7fb4593ae 100644 --- a/2016/9xxx/CVE-2016-9979.json +++ b/2016/9xxx/CVE-2016-9979.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Curam Social Program Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Curam Social Program Management", + "version": { + "version_data": [ + { + "version_value": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001780", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001780" - }, - { - "name" : "97993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97993" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001780", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001780" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9981.json b/2016/9xxx/CVE-2016-9981.json index 8fa10e4ae0c..f81f85d3ba3 100644 --- a/2016/9xxx/CVE-2016-9981.json +++ b/2016/9xxx/CVE-2016-9981.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-26T00:00:00", - "ID" : "CVE-2016-9981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security AppScan Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0.2" - }, - { - "version_value" : "9.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-26T00:00:00", + "ID": "CVE-2016-9981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security AppScan Enterprise", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0.2" + }, + { + "version_value": "9.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120257", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120257" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006430", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006430" - }, - { - "name" : "1039073", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039073", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039073" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120257", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120257" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006430", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006430" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2170.json b/2019/2xxx/CVE-2019-2170.json index b6b3fcc1b03..026f121191a 100644 --- a/2019/2xxx/CVE-2019-2170.json +++ b/2019/2xxx/CVE-2019-2170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2170", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2188.json b/2019/2xxx/CVE-2019-2188.json index 4f1f511b8c4..26e92b2c620 100644 --- a/2019/2xxx/CVE-2019-2188.json +++ b/2019/2xxx/CVE-2019-2188.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2188", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2188", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2314.json b/2019/2xxx/CVE-2019-2314.json index b221a7d537c..3a74dd79930 100644 --- a/2019/2xxx/CVE-2019-2314.json +++ b/2019/2xxx/CVE-2019-2314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2471.json b/2019/2xxx/CVE-2019-2471.json index fca7b9287ee..a0f1b167e50 100644 --- a/2019/2xxx/CVE-2019-2471.json +++ b/2019/2xxx/CVE-2019-2471.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - }, - { - "version_affected" : "=", - "version_value" : "8.57" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + }, + { + "version_affected": "=", + "version_value": "8.57" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106592" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2815.json b/2019/2xxx/CVE-2019-2815.json index 3788de6010d..b209f98d738 100644 --- a/2019/2xxx/CVE-2019-2815.json +++ b/2019/2xxx/CVE-2019-2815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3029.json b/2019/3xxx/CVE-2019-3029.json index 10d98f8033b..de3edd0986c 100644 --- a/2019/3xxx/CVE-2019-3029.json +++ b/2019/3xxx/CVE-2019-3029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3536.json b/2019/3xxx/CVE-2019-3536.json index 7b9aaa31ba1..1ad5476f1df 100644 --- a/2019/3xxx/CVE-2019-3536.json +++ b/2019/3xxx/CVE-2019-3536.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3536", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3536", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6174.json b/2019/6xxx/CVE-2019-6174.json index bbd3a2e9b3e..c02891bcd14 100644 --- a/2019/6xxx/CVE-2019-6174.json +++ b/2019/6xxx/CVE-2019-6174.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6174", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6174", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6542.json b/2019/6xxx/CVE-2019-6542.json index 5317a066ba1..2b198a537a0 100644 --- a/2019/6xxx/CVE-2019-6542.json +++ b/2019/6xxx/CVE-2019-6542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6542", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6542", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6556.json b/2019/6xxx/CVE-2019-6556.json index e47c90fc978..3f8b6a22635 100644 --- a/2019/6xxx/CVE-2019-6556.json +++ b/2019/6xxx/CVE-2019-6556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6556", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6556", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7396.json b/2019/7xxx/CVE-2019-7396.json index 88160ec0071..c1b68dc6029 100644 --- a/2019/7xxx/CVE-2019-7396.json +++ b/2019/7xxx/CVE-2019-7396.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1452", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1452" - }, - { - "name" : "106849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1452", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1452" + }, + { + "name": "106849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106849" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7663.json b/2019/7xxx/CVE-2019-7663.json index 213352e7655..401605d6660 100644 --- a/2019/7xxx/CVE-2019-7663.json +++ b/2019/7xxx/CVE-2019-7663.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2833", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2833" - }, - { - "name" : "USN-3906-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3906-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2833", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2833" + }, + { + "name": "USN-3906-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3906-1/" + }, + { + "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7831.json b/2019/7xxx/CVE-2019-7831.json index 8ce32ad2879..1942330db9e 100644 --- a/2019/7xxx/CVE-2019-7831.json +++ b/2019/7xxx/CVE-2019-7831.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7831", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7831", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7983.json b/2019/7xxx/CVE-2019-7983.json index 8e973cb9191..1b2f7f350ba 100644 --- a/2019/7xxx/CVE-2019-7983.json +++ b/2019/7xxx/CVE-2019-7983.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7983", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7983", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file