From 819077d6c3bb213bd8a6271ffecd09263458a77c Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 01:44:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2325.json | 140 +++++------ 2007/2xxx/CVE-2007-2397.json | 200 ++++++++-------- 2007/2xxx/CVE-2007-2532.json | 170 ++++++------- 2007/2xxx/CVE-2007-2766.json | 170 ++++++------- 2007/3xxx/CVE-2007-3532.json | 170 ++++++------- 2007/3xxx/CVE-2007-3602.json | 150 ++++++------ 2007/3xxx/CVE-2007-3605.json | 210 ++++++++-------- 2007/4xxx/CVE-2007-4378.json | 170 ++++++------- 2007/4xxx/CVE-2007-4447.json | 170 ++++++------- 2007/4xxx/CVE-2007-4825.json | 230 +++++++++--------- 2007/4xxx/CVE-2007-4861.json | 210 ++++++++-------- 2007/6xxx/CVE-2007-6340.json | 150 ++++++------ 2007/6xxx/CVE-2007-6639.json | 150 ++++++------ 2010/1xxx/CVE-2010-1083.json | 310 ++++++++++++------------ 2010/1xxx/CVE-2010-1557.json | 140 +++++------ 2010/1xxx/CVE-2010-1971.json | 160 ++++++------- 2010/5xxx/CVE-2010-5090.json | 150 ++++++------ 2014/0xxx/CVE-2014-0246.json | 140 +++++------ 2014/0xxx/CVE-2014-0287.json | 170 ++++++------- 2014/0xxx/CVE-2014-0772.json | 120 +++++----- 2014/1xxx/CVE-2014-1731.json | 260 ++++++++++---------- 2014/5xxx/CVE-2014-5384.json | 140 +++++------ 2014/5xxx/CVE-2014-5507.json | 150 ++++++------ 2014/5xxx/CVE-2014-5677.json | 140 +++++------ 2014/5xxx/CVE-2014-5825.json | 140 +++++------ 2015/2xxx/CVE-2015-2009.json | 120 +++++----- 2015/2xxx/CVE-2015-2552.json | 150 ++++++------ 2015/2xxx/CVE-2015-2614.json | 130 +++++----- 2015/2xxx/CVE-2015-2923.json | 34 +-- 2016/10xxx/CVE-2016-10013.json | 150 ++++++------ 2016/10xxx/CVE-2016-10122.json | 130 +++++----- 2016/10xxx/CVE-2016-10392.json | 142 +++++------ 2016/10xxx/CVE-2016-10660.json | 122 +++++----- 2016/4xxx/CVE-2016-4390.json | 140 +++++------ 2016/4xxx/CVE-2016-4433.json | 190 +++++++-------- 2016/4xxx/CVE-2016-4629.json | 160 ++++++------- 2016/4xxx/CVE-2016-4878.json | 140 +++++------ 2016/4xxx/CVE-2016-4974.json | 180 +++++++------- 2016/8xxx/CVE-2016-8181.json | 34 +-- 
2016/8xxx/CVE-2016-8492.json | 130 +++++----- 2016/8xxx/CVE-2016-8574.json | 170 ++++++------- 2016/8xxx/CVE-2016-8936.json | 424 ++++++++++++++++----------------- 2016/9xxx/CVE-2016-9052.json | 130 +++++----- 2016/9xxx/CVE-2016-9146.json | 34 +-- 2016/9xxx/CVE-2016-9355.json | 130 +++++----- 2016/9xxx/CVE-2016-9369.json | 130 +++++----- 2016/9xxx/CVE-2016-9722.json | 148 ++++++------ 2019/2xxx/CVE-2019-2282.json | 34 +-- 2019/2xxx/CVE-2019-2436.json | 142 +++++------ 2019/2xxx/CVE-2019-2486.json | 160 ++++++------- 2019/3xxx/CVE-2019-3395.json | 34 +-- 2019/3xxx/CVE-2019-3937.json | 34 +-- 2019/6xxx/CVE-2019-6253.json | 34 +-- 2019/6xxx/CVE-2019-6319.json | 34 +-- 2019/6xxx/CVE-2019-6408.json | 34 +-- 2019/6xxx/CVE-2019-6464.json | 34 +-- 2019/7xxx/CVE-2019-7042.json | 34 +-- 2019/7xxx/CVE-2019-7567.json | 120 +++++----- 2019/7xxx/CVE-2019-7885.json | 34 +-- 59 files changed, 4078 insertions(+), 4078 deletions(-) diff --git a/2007/2xxx/CVE-2007-2325.json b/2007/2xxx/CVE-2007-2325.json index b7df330ea55..e9d1838fe79 100644 --- a/2007/2xxx/CVE-2007-2325.json +++ b/2007/2xxx/CVE-2007-2325.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070424 MyNewsGroups >> RFI in include.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466836/100/0/threaded" - }, - { - "name" : "23646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23646" - }, - { - "name" : "mynewsgroups-include-file-include(33867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070424 MyNewsGroups >> RFI in include.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466836/100/0/threaded" + }, + { + "name": "mynewsgroups-include-file-include(33867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33867" + }, + { + "name": "23646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23646" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2397.json b/2007/2xxx/CVE-2007-2397.json index 441ec71d9f3..b405332953c 100644 --- a/2007/2xxx/CVE-2007-2397.json +++ b/2007/2xxx/CVE-2007-2397.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=305947", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305947" - }, - { - "name" : "APPLE-SA-2007-07-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" - }, - { - "name" : "TA07-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" - }, - { - "name" : "24873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24873" - }, - { - "name" : "ADV-2007-2510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2510" - }, - { - "name" : "36132", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/36132" - }, - { - "name" : "1018373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018373" - }, - { - "name" : "26034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26034" - }, - { - "name" : "quicktime-applet-code-execution(35358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26034" + }, + { + "name": "1018373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018373" + }, + { + "name": "TA07-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" + }, + { + "name": "ADV-2007-2510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2510" + }, + { + "name": "36132", + "refsource": "OSVDB", + "url": "http://osvdb.org/36132" + }, + { + "name": "24873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24873" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305947", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305947" + }, + { + "name": "APPLE-SA-2007-07-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" + }, + { + "name": "quicktime-applet-code-execution(35358)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/35358" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2532.json b/2007/2xxx/CVE-2007-2532.json index 1a4681d36b5..f5ab7ae0bde 100644 --- a/2007/2xxx/CVE-2007-2532.json +++ b/2007/2xxx/CVE-2007-2532.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070506 Mini Web Shop v.2 Vulnerable to XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467831/100/0/threaded" - }, - { - "name" : "23847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23847" - }, - { - "name" : "36248", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36248" - }, - { - "name" : "36249", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36249" - }, - { - "name" : "2666", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2666" - }, - { - "name" : "miniweb-sendmail-orderform-xss(34105)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36249", + "refsource": "OSVDB", + "url": "http://osvdb.org/36249" + }, + { + "name": "36248", + "refsource": "OSVDB", + "url": "http://osvdb.org/36248" + }, + { + "name": "2666", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2666" + }, + { + "name": "miniweb-sendmail-orderform-xss(34105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34105" + }, + { + "name": "20070506 Mini Web Shop v.2 Vulnerable to XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467831/100/0/threaded" + }, + { + "name": "23847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23847" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2766.json b/2007/2xxx/CVE-2007-2766.json index d88e3dbed33..0cef14590fe 100644 --- a/2007/2xxx/CVE-2007-2766.json +++ b/2007/2xxx/CVE-2007-2766.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Backup-manager-commits] 20070102 r528 - in backup-manager/trunk: . 
doc lib man po", - "refsource" : "MLIST", - "url" : "http://www.backup-manager.org/pipermail/backup-manager-commits/2007-January/000212.html" - }, - { - "name" : "http://www2.backup-manager.org/Release076", - "refsource" : "CONFIRM", - "url" : "http://www2.backup-manager.org/Release076" - }, - { - "name" : "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146" - }, - { - "name" : "34780", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34780" - }, - { - "name" : "ADV-2007-2412", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2412" - }, - { - "name" : "backup-manager-password-plaintext(34489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2412", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2412" + }, + { + "name": "backup-manager-password-plaintext(34489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34489" + }, + { + "name": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146", + "refsource": "CONFIRM", + "url": "http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146" + }, + { + "name": "[Backup-manager-commits] 20070102 r528 - in backup-manager/trunk: . 
doc lib man po", + "refsource": "MLIST", + "url": "http://www.backup-manager.org/pipermail/backup-manager-commits/2007-January/000212.html" + }, + { + "name": "http://www2.backup-manager.org/Release076", + "refsource": "CONFIRM", + "url": "http://www2.backup-manager.org/Release076" + }, + { + "name": "34780", + "refsource": "OSVDB", + "url": "http://osvdb.org/34780" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3532.json b/2007/3xxx/CVE-2007-3532.json index 6fe11ee345d..cc11d94bf4c 100644 --- a/2007/3xxx/CVE-2007-3532.json +++ b/2007/3xxx/CVE-2007-3532.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=183567", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=183567" - }, - { - "name" : "GLSA-200708-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200708-14.xml" - }, - { - "name" : "25363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25363" - }, - { - "name" : "25360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25360" - }, - { - "name" : "40177", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40177" - }, - { - 
"name" : "26497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200708-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-14.xml" + }, + { + "name": "40177", + "refsource": "OSVDB", + "url": "http://osvdb.org/40177" + }, + { + "name": "25360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25360" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=183567", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=183567" + }, + { + "name": "25363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25363" + }, + { + "name": "26497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26497" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3602.json b/2007/3xxx/CVE-2007-3602.json index 37fa6afa389..1b3cc97095e 100644 --- a/2007/3xxx/CVE-2007-3602.json +++ b/2007/3xxx/CVE-2007-3602.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.vtiger.com/viewtopic.php?p=44233", - "refsource" : "MISC", - "url" : "http://forums.vtiger.com/viewtopic.php?p=44233" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245", - "refsource" : "MISC", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" - }, - { - "name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084", - "refsource" : "CONFIRM", - "url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245", + "refsource": "MISC", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245" + }, + { + "name": "http://forums.vtiger.com/viewtopic.php?p=44233", + "refsource": "MISC", + "url": "http://forums.vtiger.com/viewtopic.php?p=44233" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084" + }, + { + "name": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", + "refsource": "CONFIRM", + "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3605.json b/2007/3xxx/CVE-2007-3605.json index 29d14b3274c..1c31b607796 100644 --- a/2007/3xxx/CVE-2007-3605.json +++ b/2007/3xxx/CVE-2007-3605.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\\SapGui\\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472887/100/0/threaded" - }, - { - "name" : "4148", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4148" - }, - { - "name" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/" - }, - { - "name" : "24772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24772" - }, - { - "name" : "24776", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/24776" - }, - { - "name" : "ADV-2007-2449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2449" - }, - { - "name" : "37690", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37690" - }, - { - "name" : "25959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25959" - }, - { - "name" : "2873", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2873" - }, - { - "name" : "enjoysap-kweditcontrolkwedit1-bo(35267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\\SapGui\\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37690", + "refsource": "OSVDB", + "url": "http://osvdb.org/37690" + }, + { + "name": "24772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24772" + }, + { + "name": "2873", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2873" + }, + { + "name": "24776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24776" + }, + { + "name": "25959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25959" + }, + { + "name": "enjoysap-kweditcontrolkwedit1-bo(35267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35267" + }, + { + "name": "4148", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4148" + }, + { + "name": "20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472887/100/0/threaded" + }, + { + "name": "ADV-2007-2449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2449" + }, + { + "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4378.json b/2007/4xxx/CVE-2007-4378.json index d32c83cf6b0..1f8230a1d87 100644 --- a/2007/4xxx/CVE-2007-4378.json +++ b/2007/4xxx/CVE-2007-4378.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070814 Multiple vulnerabilities in Babo Violent 2 2.08.00", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476520/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/bv2x-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/bv2x-adv.txt" - }, - { - "name" : "25329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25329" - }, - { - "name" : "26453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26453" - }, - { - "name" : "3024", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3024" - }, - { - "name" : "baboviolent-messages-format-string(36015)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26453" + }, + { + "name": "baboviolent-messages-format-string(36015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36015" + }, + { + "name": "3024", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3024" + }, + { + "name": "20070814 Multiple vulnerabilities in Babo Violent 2 2.08.00", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476520/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/bv2x-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/bv2x-adv.txt" + }, + { + "name": "25329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25329" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4447.json b/2007/4xxx/CVE-2007-4447.json index 2b2a2415973..0de000546fd 100644 --- a/2007/4xxx/CVE-2007-4447.json +++ b/2007/4xxx/CVE-2007-4447.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070818 Multiple vulnerabilities in Toribash 2.71", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477025/100/0/threaded" - }, - { - "name" : "http://aluigi.org/poc/toribashish.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/toribashish.zip" - }, - { - "name" : "25359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25359" - }, - { - "name" : "26507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26507" 
- }, - { - "name" : "3033", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3033" - }, - { - "name" : "toribash-say-bo(36097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070818 Multiple vulnerabilities in Toribash 2.71", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477025/100/0/threaded" + }, + { + "name": "toribash-say-bo(36097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36097" + }, + { + "name": "http://aluigi.org/poc/toribashish.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/toribashish.zip" + }, + { + "name": "25359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25359" + }, + { + "name": "26507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26507" + }, + { + "name": "3033", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3033" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4825.json b/2007/4xxx/CVE-2007-4825.json index 5d1c503e6ee..2171acf7370 100644 --- a/2007/4xxx/CVE-2007-4825.json 
+++ b/2007/4xxx/CVE-2007-4825.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. 
*/", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478988/100/0/threaded" - }, - { - "name" : "20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478985/100/0/threaded" - }, - { - "name" : "20070910 Re: PHP <=5.2.4 open_basedir bypass & code exec & denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478989/100/0/threaded" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.2.5", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.2.5" - }, - { - "name" : "http://www.php.net/releases/5_2_5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_5.php" - }, - { - "name" : "GLSA-200710-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" - }, - { - "name" : "SUSE-SA:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" - }, - { - "name" : "45902", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45902" - }, - { - "name" : "27102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27102" - }, - { - "name" : "28658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28658" - }, - { - "name" : "3119", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3119" - }, - { - "name" : "php-dl-security-bypass(36528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/ChangeLog-5.php#5.2.5", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.2.5" + }, + { + "name": "20070910 Re: PHP <=5.2.4 open_basedir bypass & code exec & denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478989/100/0/threaded" + }, + { + "name": "45902", + "refsource": "OSVDB", + "url": "http://osvdb.org/45902" + }, + { + "name": "SUSE-SA:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" + }, + { + "name": "28658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28658" + }, + { + "name": "3119", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3119" + }, + { + "name": "GLSA-200710-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" + }, + { + "name": "20070910 /* PHP <=5.2.4 open_basedir bypass & code exec & denial of service errata ... working on windows too .. */", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded" + }, + { + "name": "http://www.php.net/releases/5_2_5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_5.php" + }, + { + "name": "20070910 PHP <=5.2.4 open_basedir bypass & code exec & denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded" + }, + { + "name": "php-dl-security-bypass(36528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36528" + }, + { + "name": "27102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27102" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/4xxx/CVE-2007-4861.json b/2007/4xxx/CVE-2007-4861.json index e71effe3f4e..a4fc5ac8619 100644 --- a/2007/4xxx/CVE-2007-4861.json +++ b/2007/4xxx/CVE-2007-4861.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071029 SAXON version 5.4 Multiple Path Disclosure Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482930/100/0/threaded" - }, - { - "name" : "http://www.netvigilance.com/advisory0053", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0053" - }, - { - "name" : "http://www.quirm.net/punbb/viewtopic.php?id=129", - "refsource" : "CONFIRM", - "url" : "http://www.quirm.net/punbb/viewtopic.php?id=129" - }, - { - "name" : "45330", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/45330" - }, - { - "name" : "45331", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45331" - }, - { - "name" : "45332", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45332" - }, - { - "name" : "45333", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45333" - }, - { - "name" : "45334", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45334" - }, - { - "name" : "3311", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3311" - }, - { - "name" : "saxon-news-edititem-path-disclosure(38138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45330", + "refsource": "OSVDB", + "url": "http://osvdb.org/45330" + }, + { + "name": "http://www.quirm.net/punbb/viewtopic.php?id=129", + "refsource": "CONFIRM", + "url": "http://www.quirm.net/punbb/viewtopic.php?id=129" + }, + { + "name": "saxon-news-edititem-path-disclosure(38138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38138" + }, + { + "name": "20071029 SAXON version 5.4 Multiple Path Disclosure Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482930/100/0/threaded" + }, + { + "name": "3311", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3311" + }, + { + "name": "45332", + "refsource": "OSVDB", + "url": "http://osvdb.org/45332" + }, + { + "name": "45334", + "refsource": "OSVDB", + "url": "http://osvdb.org/45334" + }, + { + "name": "http://www.netvigilance.com/advisory0053", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0053" + }, + { + "name": "45333", + "refsource": "OSVDB", + "url": "http://osvdb.org/45333" + }, + { + "name": "45331", + "refsource": "OSVDB", + "url": "http://osvdb.org/45331" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6340.json b/2007/6xxx/CVE-2007-6340.json index 21be5d0895e..4f41e69a34d 100644 --- a/2007/6xxx/CVE-2007-6340.json +++ b/2007/6xxx/CVE-2007-6340.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080129 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487269/100/0/threaded" - }, - { - "name" : "http://www.moernaut.com/default.aspx?item=lsrunase", - "refsource" : "CONFIRM", - "url" : "http://www.moernaut.com/default.aspx?item=lsrunase" - }, - { - "name" : "http://www.moernaut.com/default.aspx?item=supercrypt", - "refsource" : "CONFIRM", - "url" : "http://www.moernaut.com/default.aspx?item=supercrypt" - }, - { - "name" : "3611", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080129 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487269/100/0/threaded" + }, + { + "name": "http://www.moernaut.com/default.aspx?item=supercrypt", + "refsource": "CONFIRM", + "url": "http://www.moernaut.com/default.aspx?item=supercrypt" + }, + { + "name": "http://www.moernaut.com/default.aspx?item=lsrunase", + "refsource": "CONFIRM", + "url": "http://www.moernaut.com/default.aspx?item=lsrunase" + }, + { + "name": "3611", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3611" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6639.json b/2007/6xxx/CVE-2007-6639.json index 10af0ad1d45..8a0471a8cfd 100644 --- a/2007/6xxx/CVE-2007-6639.json +++ b/2007/6xxx/CVE-2007-6639.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4821", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4821" - }, - { - "name" : "27082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27082" - }, - { - "name" : "39881", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39881" - }, - { - "name" : "iptbb-index-sql-injection(39340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a 
viewdir action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iptbb-index-sql-injection(39340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39340" + }, + { + "name": "27082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27082" + }, + { + "name": "39881", + "refsource": "OSVDB", + "url": "http://osvdb.org/39881" + }, + { + "name": "4821", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4821" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1083.json b/2010/1xxx/CVE-2010-1083.json index 1707ce7e595..5d028a949ee 100644 --- a/2010/1xxx/CVE-2010-1083.json +++ b/2010/1xxx/CVE-2010-1083.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20100221 [80/93] USB: usbfs: properly clean up the as structure on error paths", - "refsource" : "MLIST", - "url" : "http://lwn.net/Articles/375350/" - }, - { - "name" : "[linux-kernel] 20100330 [48/89] USB: usbfs: properly clean up the as structure on error paths", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2010/3/30/759" - }, - { - "name" 
: "[oss-security] 20100217 CVE request: kernel information leak via userspace USB interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/17/1" - }, - { - "name" : "[oss-security] 20100217 additional memory leak in USB userspace handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/17/2" - }, - { - "name" : "[oss-security] 20100218 Re: CVE request: kernel information leak via userspace USB interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/18/7" - }, - { - "name" : "[oss-security] 20100219 Re: CVE request: kernel information leak via userspace USB interface", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/19/1" - }, - { - "name" : "[oss-security] 20100219 Re: additional memory leak in USB userspace handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/18/4" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100090459", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100090459" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100113326", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100113326" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "DSA-2053", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2053" - }, - { - "name" : "RHSA-2010:0394", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0394.html" - }, - { - "name" : "RHSA-2010:0723", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0723.html" - }, - { - "name" : "SUSE-SA:2010:019", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html" - }, - { - "name" : "SUSE-SA:2010:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2010_23_kernel.html" - }, - { - "name" : "oval:org.mitre.oval:def:10831", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10831" - }, - { - "name" : "39742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39742" - }, - { - "name" : "39830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39830" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20100330 [48/89] USB: usbfs: properly clean up the as structure on error paths", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2010/3/30/759" + }, + { + "name": "oval:org.mitre.oval:def:10831", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10831" + }, + { + "name": "RHSA-2010:0723", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html" + }, + { + "name": "[linux-kernel] 20100221 [80/93] USB: usbfs: properly clean up the as structure on error paths", + "refsource": "MLIST", + "url": "http://lwn.net/Articles/375350/" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "RHSA-2010:0394", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0394.html" + }, + { + "name": "[oss-security] 20100217 additional memory leak in USB userspace handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/17/2" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100090459", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100090459" + }, + { + "name": "[oss-security] 20100217 CVE request: kernel information leak via userspace USB interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/17/1" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": 
"http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100113326", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100113326" + }, + { + "name": "SUSE-SA:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html" + }, + { + "name": "SUSE-SA:2010:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html" + }, + { + "name": "[oss-security] 20100218 Re: CVE request: kernel information leak via userspace USB interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/18/7" + }, + { + "name": "[oss-security] 20100219 Re: additional memory leak in USB userspace handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/18/4" + }, + { + "name": "39742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39742" + }, + { + "name": "[oss-security] 20100219 Re: CVE request: kernel information leak via userspace USB interface", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/19/1" + }, + { + "name": "DSA-2053", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2053" + }, + { + "name": "39830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39830" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1557.json b/2010/1xxx/CVE-2010-1557.json index 30a5088defe..bbb3111a2d8 100644 --- a/2010/1xxx/CVE-2010-1557.json +++ b/2010/1xxx/CVE-2010-1557.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02522", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127370362007932&w=2" - }, - { - "name" : "SSRT100086", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127370362007932&w=2" - }, - { - "name" : "64615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100086", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127370362007932&w=2" + }, + { + "name": "HPSBMA02522", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127370362007932&w=2" + }, + { + "name": "64615", + "refsource": "OSVDB", + "url": "http://osvdb.org/64615" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1971.json b/2010/1xxx/CVE-2010-1971.json index 47ff85c4a45..1916c28831b 100644 --- a/2010/1xxx/CVE-2010-1971.json +++ b/2010/1xxx/CVE-2010-1971.json 
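Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `hp-security-alert@hp.com` in this hunk, and it is the only value that changes; everything else is colon-spacing normalization and a reordering of the same three `reference_data` entries. The CVE-2010-1971 hunk that follows carries the same reattribution. The commit message says only "-Synchronized-Data.", so tooling that groups or filters records by `ASSIGNER` will see these two IDs move to a different assigner with nothing in the history explaining it. Keeping `reference_data` in a stable order across syncs would let a line like `"ASSIGNER": "hp-security-alert@hp.com",` stand out in later diffs instead of being lost among reordered entries.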
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02553", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" - }, - { - "name" : "SSRT100184", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" - }, - { - "name" : "1024186", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024186" - }, - { - "name" : "40553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40553" - }, - { - "name" : "ADV-2010-1792", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1792", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1792" + }, + { + "name": "SSRT100184", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" + }, + { + "name": "1024186", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024186" + }, + { + "name": "40553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40553" + }, + { + "name": "HPSBMA02553", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5090.json b/2010/5xxx/CVE-2010-5090.json index 4a06ef40eb6..740ab78ae7c 100644 --- a/2010/5xxx/CVE-2010-5090.json +++ b/2010/5xxx/CVE-2010-5090.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1" - }, - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/01/3" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/01/3" + }, + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2" + }, + { + "name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/1" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0246.json b/2014/0xxx/CVE-2014-0246.json index 6f209b28762..62deac62ef8 100644 --- a/2014/0xxx/CVE-2014-0246.json +++ b/2014/0xxx/CVE-2014-0246.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140527 CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/27/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101393", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1101393" - }, - { - "name" : "67634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive 
information by reading the archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67634" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101393", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101393" + }, + { + "name": "[oss-security] 20140527 CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/27/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0287.json b/2014/0xxx/CVE-2014-0287.json index 9946eb8f819..7c3d524d114 100644 --- a/2014/0xxx/CVE-2014-0287.json +++ b/2014/0xxx/CVE-2014-0287.json 
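Review bot: The only data change in the CVE-2014-0246 hunk is `"ASSIGNER": "secalert@redhat.com"`, and it is hard to audit because the same hunk rewrites all 72 lines for the `" : "` to `": "` separator and reorders `reference_data` without adding or removing an entry. Emitting the references in a stable order (for instance sorted by `refsource`, then `name`) and landing formatting changes separately from data changes would leave a one-line diff for an assigner change. The CVE-2014-5384 and CVE-2014-5507 hunks show the cost: `ASSIGNER` stays `cve@mitre.org` and the reference sets are unchanged, yet both files are rewritten in full; the other hunks in this part of the patch follow the same pattern. Each new file also ends with `\ No newline at end of file`, so the generator should write a trailing newline.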
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0281." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65386" - }, - { - "name" : "103185", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103185" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140287-code-exec(90777)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0281." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "103185", + "refsource": "OSVDB", + "url": "http://osvdb.org/103185" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "ms-ie-cve20140287-code-exec(90777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90777" + }, + { + "name": "65386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65386" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0772.json b/2014/0xxx/CVE-2014-0772.json index da489a5cf32..4c43557e908 100644 --- a/2014/0xxx/CVE-2014-0772.json +++ b/2014/0xxx/CVE-2014-0772.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1731.json b/2014/1xxx/CVE-2014-1731.json index e4bd4d8e786..a0b163c005d 100644 --- a/2014/1xxx/CVE-2014-1731.json +++ b/2014/1xxx/CVE-2014-1731.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion\" for SELECT elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=349903", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=349903" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=171216&view=revision", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/blink?revision=171216&view=revision" - }, - { - "name" : "http://support.apple.com/kb/HT6254", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6254" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-05-21-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "DSA-2920", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2920" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "openSUSE-SU-2014:0668", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html" - }, - { - "name" : "openSUSE-SU-2014:0669", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html" - }, - { - "name" : "67572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67572" - }, - { - "name" : "58301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58301" - }, - { - "name" : "60372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer 
state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion\" for SELECT elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58301" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" + }, + { + "name": "openSUSE-SU-2014:0669", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=171216&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=171216&view=revision" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "60372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60372" + }, + { + "name": "http://support.apple.com/kb/HT6254", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6254" + }, + { + "name": "openSUSE-SU-2014:0668", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html" + }, + { + "name": "DSA-2920", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2920" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": 
"http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=349903", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=349903" + }, + { + "name": "APPLE-SA-2014-05-21-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html" + }, + { + "name": "67572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67572" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5384.json b/2014/5xxx/CVE-2014-5384.json index 2279f68eb66..6a9d6f7b870 100644 --- a/2014/5xxx/CVE-2014-5384.json +++ b/2014/5xxx/CVE-2014-5384.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[source-changes] 20140624 CVS commit: src/lib/libc/citrus", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/source-changes/2014/06/24/msg055822.html" - }, - { - "name" : "FreeBSD-SA-14:15", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc" - }, - { - "name" : "1030458", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VIQR 
module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-14:15", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc" + }, + { + "name": "1030458", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030458" + }, + { + "name": "[source-changes] 20140624 CVS commit: src/lib/libc/citrus", + "refsource": "MLIST", + "url": "http://mail-index.netbsd.org/source-changes/2014/06/24/msg055822.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5507.json b/2014/5xxx/CVE-2014-5507.json index 8f9af9c3ae5..046b6362432 100644 --- a/2014/5xxx/CVE-2014-5507.json +++ b/2014/5xxx/CVE-2014-5507.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35040", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35040" - }, - { - "name" : "http://packetstormsecurity.com/files/128806/iBackup-10.0.0.32-Local-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128806/iBackup-10.0.0.32-Local-Privilege-Escalation.html" - }, - { - "name" : "70724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70724" - }, - { - "name" : "ibackup-cve20145507-priv-esc(97749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35040", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35040" + }, + { + "name": "70724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70724" + }, + { + "name": "http://packetstormsecurity.com/files/128806/iBackup-10.0.0.32-Local-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128806/iBackup-10.0.0.32-Local-Privilege-Escalation.html" + }, + { + "name": "ibackup-cve20145507-priv-esc(97749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97749" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5677.json b/2014/5xxx/CVE-2014-5677.json index 0e65ca3bce6..2dc9bc54d5d 100644 --- a/2014/5xxx/CVE-2014-5677.json +++ b/2014/5xxx/CVE-2014-5677.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Point Inside Shopping & Travel (aka com.pointinside.android.app) application 3.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#344193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/344193" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Point Inside Shopping 
& Travel (aka com.pointinside.android.app) application 3.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#344193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/344193" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5825.json b/2014/5xxx/CVE-2014-5825.json index f314b351a06..3e09101f0a1 100644 --- a/2014/5xxx/CVE-2014-5825.json +++ b/2014/5xxx/CVE-2014-5825.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Guess The Movie (aka com.june.guessthemovie) application 2.982 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#257953", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/257953" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Guess The Movie (aka 
com.june.guessthemovie) application 2.982 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#257953", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/257953" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2009.json b/2015/2xxx/CVE-2015-2009.json index 713f0c84451..d9f37db6b78 100644 --- a/2015/2xxx/CVE-2015-2009.json +++ b/2015/2xxx/CVE-2015-2009.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-2009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965821", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21965821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS 
sequences via vectors related to webmin. IBM X-Force ID: 103921." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965821", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965821" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2552.json b/2015/2xxx/CVE-2015-2552.json index e9d23cbfe52..64b05688858 100644 --- a/2015/2xxx/CVE-2015-2552.json +++ b/2015/2xxx/CVE-2015-2552.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka \"Trusted Boot Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151014 [CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536678/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/133962/Microsoft-Trusted-Boot-Security-Feature-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133962/Microsoft-Trusted-Boot-Security-Feature-Bypass.html" - }, - { - "name" : "MS15-111", - 
"refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-111" - }, - { - "name" : "1033805", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka \"Trusted Boot Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133962/Microsoft-Trusted-Boot-Security-Feature-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133962/Microsoft-Trusted-Boot-Security-Feature-Bypass.html" + }, + { + "name": "1033805", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033805" + }, + { + "name": "20151014 [CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536678/100/0/threaded" + }, + { + "name": "MS15-111", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-111" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2614.json b/2015/2xxx/CVE-2015-2614.json index 80a5e5fd2bb..c48363a18ba 100644 --- a/2015/2xxx/CVE-2015-2614.json +++ b/2015/2xxx/CVE-2015-2614.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032914" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2923.json b/2015/2xxx/CVE-2015-2923.json index 3b74160d3ad..b372d658b66 100644 --- a/2015/2xxx/CVE-2015-2923.json +++ b/2015/2xxx/CVE-2015-2923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10013.json b/2016/10xxx/CVE-2016-10013.json index 5e703a9f4d2..b49594c1d46 100644 --- a/2016/10xxx/CVE-2016-10013.json +++ b/2016/10xxx/CVE-2016-10013.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-204.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-204.html" - }, - { - "name" : "DSA-3847", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3847" - }, - { - "name" : "94963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94963" - }, - { - "name" : "1037491", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during 
emulation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94963" + }, + { + "name": "1037491", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037491" + }, + { + "name": "DSA-3847", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3847" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-204.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-204.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10122.json b/2016/10xxx/CVE-2016-10122.json index 4b9e2908ccc..0175bd54d93 100644 --- a/2016/10xxx/CVE-2016-10122.json +++ b/2016/10xxx/CVE-2016-10122.json 
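Review bot: The `reference_data` array in this hunk is only reordered: the same four entries (`94963`, `1037491`, `DSA-3847` and the xenbits advisory URL) appear on both sides, and `ASSIGNER` and the description are unchanged. JSON array order is significant, so a consumer that reads the first reference as the primary one would now get a different entry, and the new order follows no visible sort key, which suggests the next sync may shuffle it again. Emitting the references in a stable, documented order (for example sorted by `refsource` then `name`) would keep these diffs limited to real changes. The hunks for CVE-2016-4390 and CVE-2016-4629 show the same reorder-only pattern.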
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firejail does not properly clean environment variables, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170105 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/05/4" - }, - { - "name" : "[oss-security] 20170106 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/06/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firejail does not properly clean environment variables, which allows local users to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170105 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/05/4" + }, + { + "name": "[oss-security] 20170106 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10392.json b/2016/10xxx/CVE-2016-10392.json index 504fbd1de6b..d8a157adba2 100644 --- a/2016/10xxx/CVE-2016-10392.json +++ b/2016/10xxx/CVE-2016-10392.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10660.json b/2016/10xxx/CVE-2016-10660.json index befeefdae5a..3b3613d6e95 100644 --- a/2016/10xxx/CVE-2016-10660.json +++ b/2016/10xxx/CVE-2016-10660.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "fis-parser-sass-bin node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "fis-parser-sass-bin node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/269", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/269", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/269" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4390.json b/2016/4xxx/CVE-2016-4390.json index 612594fd113..e8f3f3d8837 100644 --- a/2016/4xxx/CVE-2016-4390.json +++ b/2016/4xxx/CVE-2016-4390.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05297477", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05297477" - }, - { - "name" : "93424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93424" - }, - { - "name" : "1036935", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attackers to execute arbitrary code via unspecified 
vectors, a different vulnerability than CVE-2016-4387, CVE-2016-4388, and CVE-2016-4389." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036935", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036935" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05297477", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05297477" + }, + { + "name": "93424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93424" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4433.json b/2016/4xxx/CVE-2016-4433.json index c0649218c48..293de697739 100644 --- a/2016/4xxx/CVE-2016-4433.json +++ b/2016/4xxx/CVE-2016-4433.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1348251", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1348251" - }, - { - "name" : "https://struts.apache.org/docs/s2-039.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-039.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" 
: "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "JVN#45093481", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN45093481/index.html" - }, - { - "name" : "JVNDB-2016-000112", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112" - }, - { - "name" : "91282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://struts.apache.org/docs/s2-039.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-039.html" + }, + { + "name": "91282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91282" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1348251", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348251" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282" + }, + { + "name": "JVN#45093481", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN45093481/index.html" + }, + { + "name": "JVNDB-2016-000112", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112" + }, + { + "name": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4629.json b/2016/4xxx/CVE-2016-4629.json index 3040c696d54..1b904529ef2 100644 --- a/2016/4xxx/CVE-2016-4629.json +++ b/2016/4xxx/CVE-2016-4629.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0180/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0180/" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "91824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91824" - }, - { - "name" : "1036348", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036348" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91824" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0180/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0180/" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "1036348", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036348" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4878.json b/2016/4xxx/CVE-2016-4878.json index 2790be7e1d6..80e6d4894bd 100644 --- a/2016/4xxx/CVE-2016-4878.json +++ b/2016/4xxx/CVE-2016-4878.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-4878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "baserCMS", - "version" : { - "version_data" : [ - { - "version_value" : "version 3.0.10 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "baserCMS Users Community" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "baserCMS", + "version": { + "version_data": [ + { + "version_value": "version 3.0.10 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "baserCMS Users Community" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://basercms.net/security/JVN92765814", - "refsource" : "CONFIRM", - "url" : "http://basercms.net/security/JVN92765814" - }, - { - "name" : "JVN#92765814", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN92765814/index.html" - }, - { - "name" : "93217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows 
remote attackers to hijack the authentication of administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://basercms.net/security/JVN92765814", + "refsource": "CONFIRM", + "url": "http://basercms.net/security/JVN92765814" + }, + { + "name": "JVN#92765814", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN92765814/index.html" + }, + { + "name": "93217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93217" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4974.json b/2016/4xxx/CVE-2016-4974.json index 1ad67b18e3a..85a49afe6e7 100644 --- a/2016/4xxx/CVE-2016-4974.json +++ b/2016/4xxx/CVE-2016-4974.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160702 [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538813/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html" - }, - { - "name" : 
"http://qpid.apache.org/components/jms/security-0-x.html", - "refsource" : "CONFIRM", - "url" : "http://qpid.apache.org/components/jms/security-0-x.html" - }, - { - "name" : "http://qpid.apache.org/components/jms/security.html", - "refsource" : "CONFIRM", - "url" : "http://qpid.apache.org/components/jms/security.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPIDJMS-188", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPIDJMS-188" - }, - { - "name" : "91537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91537" - }, - { - "name" : "1036239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91537" + }, + { + "name": "20160702 [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538813/100/0/threaded" + }, + { + "name": "https://issues.apache.org/jira/browse/QPIDJMS-188", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPIDJMS-188" + }, + { + "name": "1036239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036239" + }, + { + "name": "http://qpid.apache.org/components/jms/security-0-x.html", + "refsource": "CONFIRM", + "url": "http://qpid.apache.org/components/jms/security-0-x.html" + }, + { + "name": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html" + }, + { + "name": "http://qpid.apache.org/components/jms/security.html", + "refsource": "CONFIRM", + "url": "http://qpid.apache.org/components/jms/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8181.json b/2016/8xxx/CVE-2016-8181.json index fce0e99a1e3..aa73291273e 100644 --- a/2016/8xxx/CVE-2016-8181.json +++ b/2016/8xxx/CVE-2016-8181.json 
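Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line is key-spacing normalisation or a reordering of `reference_data`, and the subject line "-Synchronized-Data." does not mention it. A consumer that attributes or filters records by assigner sees this record move between CNAs with no stated reason. If the reassignment is intended, I would put it in its own commit or name it in the message, e.g. `CVE-2016-4974: ASSIGNER cve@mitre.org -> secalert@redhat.com`. Separately, the new side of this and the other hunks ends with "\ No newline at end of file"; a trailing newline would keep later diffs of these files clean.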
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8181", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8181", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8492.json b/2016/8xxx/CVE-2016-8492.json index 30210ce2c1a..2dce02d5052 100644 --- a/2016/8xxx/CVE-2016-8492.json +++ b/2016/8xxx/CVE-2016-8492.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2016-8492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiGate", - "version" : { - "version_data" : [ - { - "version_value" : "Before 5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Disclosure of information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2016-8492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiGate", + "version": { + "version_data": [ + { + "version_value": "Before 5.0" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-16-067", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-16-067" - }, - { - "name" : "94480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disclosure of information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94480" + }, + { + "name": "https://fortiguard.com/advisory/FG-IR-16-067", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-16-067" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8574.json b/2016/8xxx/CVE-2016-8574.json index b6405625403..319a48ead16 100644 --- a/2016/8xxx/CVE-2016-8574.json +++ b/2016/8xxx/CVE-2016-8574.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8936.json b/2016/8xxx/CVE-2016-8936.json index 03e975d295f..0a703ab52d0 100644 --- a/2016/8xxx/CVE-2016-8936.json +++ b/2016/8xxx/CVE-2016-8936.json 
@@ -1,214 +1,214 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0.0" - }, - { - "version_value" : "5.1.0.1" - }, - { - "version_value" : "5.1.0.2" - }, - { - "version_value" : "5.1.0.3" - }, - { - "version_value" : "5.1.0.4" - }, - { - "version_value" : "5.1.0.5" - }, - { - "version_value" : "6.0.0.0" - }, - { - "version_value" : "6.0.0.1" - }, - { - "version_value" : "6.0.1.1" - }, - { - "version_value" : "6.0.1.3" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.0.1.5" - }, - { - "version_value" : "6.0.1.2" - }, - { - "version_value" : "6.0.1.4" - }, - { - "version_value" : "6.1.0.1" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "6.1.0.3" - }, - { - "version_value" : "6.0.1.5 build wp6015_008_01" - }, - { - "version_value" : "6.0.0.2" - }, - { - "version_value" : "6.0.0.3" - }, - { - "version_value" : "6.0.0.4" - }, - { - "version_value" : "6.0.1.0" - }, - { - "version_value" : "6.0.1.6" - }, - { - "version_value" : "6.0.1.7" - }, - { - "version_value" : "6.1.5.0" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.0.1" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "1.0" - }, - { - "version_value" : "7.0.0.1" - }, - { - "version_value" : "7.0.0.1" - }, - { - "version_value" : "7.0.0.1" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "7.0.0.2" - }, - { - "version_value" : "6.1.0.4" - }, - { - "version_value" : "6.1.0.5" - }, - { - "version_value" : "6.1.0.6" - }, - { - "version_value" : "6.1.5.1" - }, - { - "version_value" : "6.1.5.2" - }, - { - "version_value" : "6.1.5.3" - }, - { - "version_value" : "8" - }, - { - "version_value" : "7" - }, - { - "version_value" : "6.1.5" - }, - { - "version_value" : 
"6.1.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "8.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "5.1.0.0" + }, + { + "version_value": "5.1.0.1" + }, + { + "version_value": "5.1.0.2" + }, + { + "version_value": "5.1.0.3" + }, + { + "version_value": "5.1.0.4" + }, + { + "version_value": "5.1.0.5" + }, + { + "version_value": "6.0.0.0" + }, + { + "version_value": "6.0.0.1" + }, + { + "version_value": "6.0.1.1" + }, + { + "version_value": "6.0.1.3" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.0.1.5" + }, + { + "version_value": "6.0.1.2" + }, + { + "version_value": "6.0.1.4" + }, + { + "version_value": "6.1.0.1" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "6.1.0.3" + }, + { + "version_value": "6.0.1.5 build wp6015_008_01" + }, + { + "version_value": "6.0.0.2" + }, + { + "version_value": "6.0.0.3" + }, + { + "version_value": "6.0.0.4" + }, + { + 
"version_value": "6.0.1.0" + }, + { + "version_value": "6.0.1.6" + }, + { + "version_value": "6.0.1.7" + }, + { + "version_value": "6.1.5.0" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.0.0.1" + }, + { + "version_value": "8.0" + }, + { + "version_value": "1.0" + }, + { + "version_value": "7.0.0.1" + }, + { + "version_value": "7.0.0.1" + }, + { + "version_value": "7.0.0.1" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "7.0.0.2" + }, + { + "version_value": "6.1.0.4" + }, + { + "version_value": "6.1.0.5" + }, + { + "version_value": "6.1.0.6" + }, + { + "version_value": "6.1.5.1" + }, + { + "version_value": "6.1.5.2" + }, + { + "version_value": "6.1.5.3" + }, + { + "version_value": "8" + }, + { + "version_value": "7" + }, + { + "version_value": "6.1.5" + }, + { + "version_value": "6.1.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "6.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "8.5.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993895", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993895" - }, - { - "name" : "94443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993895", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993895" + }, + { + "name": "94443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94443" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9052.json b/2016/9xxx/CVE-2016-9052.json index e0ee08f6b89..fa31b6fff0b 100644 --- a/2016/9xxx/CVE-2016-9052.json +++ b/2016/9xxx/CVE-2016-9052.json 
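Review bot: `version_data` for WebSphere Portal lists `"version_value": "7.0.0.1"` four times, and the reformat carries the repeats over unchanged. The three extra `{ "version_value": "7.0.0.1" }` entries can be dropped without losing information. The `1.0` entry also looks out of place among the 5.1 to 8.5 values, and the description names "IBM Social Rendering Templates for Digital Data Connector" rather than WebSphere Portal. Both are worth confirming against the referenced IBM advisory before anyone uses this list for exposure matching.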
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-9052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aerospike version Aerospike Database Server 3.10.0.3", - "version" : { - "version_data" : [ - { - "version_value" : "Aerospike version Aerospike Database Server 3.10.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "stack-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-9052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aerospike version Aerospike Database Server 3.10.0.3", + "version": { + "version_data": [ + { + "version_value": "Aerospike version Aerospike Database Server 3.10.0.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0266/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0266/" - }, - { - "name" : "95419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0266/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0266/" + }, + { + "name": "95419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95419" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9146.json b/2016/9xxx/CVE-2016-9146.json index 4ebeec84688..2ddc9cf5d6a 100644 --- a/2016/9xxx/CVE-2016-9146.json +++ b/2016/9xxx/CVE-2016-9146.json 
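Review bot: The `affects` block on the new side still cannot be matched against an asset inventory, because `product_name` and `version_value` both hold the string `Aerospike version Aerospike Database Server 3.10.0.3` and `vendor_name` is `n/a`. The description gives the product and version separately, so I would split them, e.g. `"product_name": "Aerospike Database Server"` and `"version_value": "3.10.0.3"`, and fill in the vendor. The CVE-2016-9355 hunk has the same pattern: the advisory title `BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities` sits in both fields, while its description names the vendor, the product and the affected versions. Tooling that keys on these fields will miss both records.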
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9146", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9146", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9355.json b/2016/9xxx/CVE-2016-9355.json index 5c37d769868..064ff5e0406 100644 --- a/2016/9xxx/CVE-2016-9355.json +++ b/2016/9xxx/CVE-2016-9355.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities", - "version" : { - "version_data" : [ - { - "version_value" : "BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities", + "version": { + "version_data": [ + { + "version_value": "BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02" - }, - { - "name" : "96116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96116" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9369.json b/2016/9xxx/CVE-2016-9369.json index 06402a67516..f20b587b6d7 100644 --- a/2016/9xxx/CVE-2016-9369.json +++ b/2016/9xxx/CVE-2016-9369.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa NPort", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa NPort" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa NPort Device firmware spoof" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa NPort", + "version": { + "version_data": [ + { + "version_value": "Moxa NPort" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02" - }, - { - "name" : "85965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa NPort Device firmware spoof" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02" + }, + { + "name": "85965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85965" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9722.json b/2016/9xxx/CVE-2016-9722.json index 19ff55eafff..ed48a29c9a8 100644 --- a/2016/9xxx/CVE-2016-9722.json +++ b/2016/9xxx/CVE-2016-9722.json 
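Review bot: In the new-side `affects` block, `product_name` and `version_value` are both `"Moxa NPort"` and `vendor_name` is `"n/a"`, so none of the per-series version bounds listed in the description are available in structured form. A scanner or asset inventory that matches on these fields cannot tell whether a given firmware is affected and has to fall back to parsing the free text. The record would be more useful with `"vendor_name": "Moxa"` and one `product_data` entry per series, for example `"product_name": "NPort 5110"` with `"version_affected": "<", "version_value": "2.6"`.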
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-05T00:00:00", - "ID" : "CVE-2016-9722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-05T00:00:00", + "ID": "CVE-2016-9722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45005", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45005/" - }, - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119737", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119737" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012293", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119737", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119737" + }, + { + "name": "45005", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45005/" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012293", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012293" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2282.json b/2019/2xxx/CVE-2019-2282.json index 6ba114398db..62c093ccf07 100644 --- a/2019/2xxx/CVE-2019-2282.json +++ b/2019/2xxx/CVE-2019-2282.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2282", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2282", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2436.json b/2019/2xxx/CVE-2019-2436.json index 936cd91702f..cf04efcec3f 100644 --- a/2019/2xxx/CVE-2019-2436.json +++ b/2019/2xxx/CVE-2019-2436.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "106625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106625" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2486.json b/2019/2xxx/CVE-2019-2486.json index a0ff2d18557..c6ff694784a 100644 --- a/2019/2xxx/CVE-2019-2486.json +++ b/2019/2xxx/CVE-2019-2486.json 
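Review bot: The new-side `version_data` entry pairs `"version_affected": "="` with `"version_value": "8.0.13 and prior"`, which puts the range in free text while the operator claims an exact match. Tooling that honours the operator will compare against the literal string and miss the earlier releases the description says are affected. Expressing the range structurally, `"version_affected": "<=", "version_value": "8.0.13"`, removes the ambiguity. The CVE-2019-2486 hunk has the same pairing for both `5.7.24 and prior` and `8.0.13 and prior`.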
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.24 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.24 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "USN-3867-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3867-1/" - }, - { - "name" : "106627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106627" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3867-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3867-1/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3395.json b/2019/3xxx/CVE-2019-3395.json index 4ac8d09bc0d..0c88ac1bf28 100644 --- a/2019/3xxx/CVE-2019-3395.json +++ b/2019/3xxx/CVE-2019-3395.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3937.json b/2019/3xxx/CVE-2019-3937.json index f7cd1f4dbae..dda60bf55a2 100644 --- a/2019/3xxx/CVE-2019-3937.json +++ b/2019/3xxx/CVE-2019-3937.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6253.json b/2019/6xxx/CVE-2019-6253.json index 0070db21bf2..5f735add53c 100644 --- a/2019/6xxx/CVE-2019-6253.json +++ b/2019/6xxx/CVE-2019-6253.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6319.json b/2019/6xxx/CVE-2019-6319.json index 3fad99b773d..bc6c031ab39 100644 --- a/2019/6xxx/CVE-2019-6319.json +++ b/2019/6xxx/CVE-2019-6319.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6408.json b/2019/6xxx/CVE-2019-6408.json index a0c6695987b..6f959e6d34c 100644 --- a/2019/6xxx/CVE-2019-6408.json +++ b/2019/6xxx/CVE-2019-6408.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6408", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6408", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6464.json b/2019/6xxx/CVE-2019-6464.json index 15fa8daeb4d..34c5951e85a 100644 --- a/2019/6xxx/CVE-2019-6464.json +++ b/2019/6xxx/CVE-2019-6464.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7042.json b/2019/7xxx/CVE-2019-7042.json index 4e9c50dea48..6e0ade65eb4 100644 --- a/2019/7xxx/CVE-2019-7042.json +++ b/2019/7xxx/CVE-2019-7042.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7042", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7042", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7567.json b/2019/7xxx/CVE-2019-7567.json index 5acc9718511..576ba59a73a 100644 --- a/2019/7xxx/CVE-2019-7567.json +++ b/2019/7xxx/CVE-2019-7567.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/caokang/waimai/issues/10", - "refsource" : "MISC", - "url" : "https://github.com/caokang/waimai/issues/10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/caokang/waimai/issues/10", + "refsource": "MISC", + "url": "https://github.com/caokang/waimai/issues/10" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7885.json b/2019/7xxx/CVE-2019-7885.json index e16d84f09be..846c233d87b 100644 --- a/2019/7xxx/CVE-2019-7885.json +++ b/2019/7xxx/CVE-2019-7885.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7885", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7885", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file