diff --git a/2007/0xxx/CVE-2007-0662.json b/2007/0xxx/CVE-2007-0662.json
index 3df8994b8ea..bb94d759c0b 100644
--- a/2007/0xxx/CVE-2007-0662.json
+++ b/2007/0xxx/CVE-2007-0662.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3236", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3236" - }, - { - "name" : "22333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22333" - }, - { - "name" : "ADV-2007-0450", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0450" - }, - { - "name" : "33078", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33078" - }, - { - "name" : "24002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24002" - }, - { - "name" : "hailboards-usercpviewprofile-file-include(31997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31997" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24002" + }, + { + "name": "3236", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3236" + }, + { + "name": "hailboards-usercpviewprofile-file-include(31997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31997" + }, + { + "name": "33078", + "refsource": "OSVDB", + "url": "http://osvdb.org/33078" + }, + { + "name": "22333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22333" + }, + { + "name": "ADV-2007-0450", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0450" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3031.json b/2007/3xxx/CVE-2007-3031.json index 69dbd3b57de..afa42849a13 100644 --- a/2007/3xxx/CVE-2007-3031.json +++ b/2007/3xxx/CVE-2007-3031.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3031", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-3031", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3121.json b/2007/3xxx/CVE-2007-3121.json index 00ed0472c09..164ea0343e7 100644 --- a/2007/3xxx/CVE-2007-3121.json +++ b/2007/3xxx/CVE-2007-3121.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=492374&group_id=2599", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=492374&group_id=2599" - }, - { - "name" : "ADV-2007-2088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2088" - }, - { - "name" : "43454", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=492374&group_id=2599", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=492374&group_id=2599" + }, + { + "name": "43454", + "refsource": "OSVDB", + "url": "http://osvdb.org/43454" + }, + { + "name": "ADV-2007-2088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2088" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3243.json b/2007/3xxx/CVE-2007-3243.json index a2ac918b65c..4af556a6bac 100644 --- a/2007/3xxx/CVE-2007-3243.json +++ b/2007/3xxx/CVE-2007-3243.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55", - "refsource" : "MISC", - "url" : "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55" - }, - { - "name" : "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/" - }, - { - "name" : "24422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24422" - }, - { - "name" : "36818", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36818" - }, - { - "name" : 
"bbpress-bblogin-xss(34947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55", + "refsource": "MISC", + "url": "http://www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55" + }, + { + "name": "36818", + "refsource": "OSVDB", + "url": "http://osvdb.org/36818" + }, + { + "name": "24422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24422" + }, + { + "name": "bbpress-bblogin-xss(34947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34947" + }, + { + "name": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/", + "refsource": "MISC", + "url": "http://www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3312.json b/2007/3xxx/CVE-2007-3312.json index b57ad76fa83..021b4bc2762 100644 --- a/2007/3xxx/CVE-2007-3312.json +++ b/2007/3xxx/CVE-2007-3312.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4081", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4081" - }, - { - "name" : "24546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24546" - }, - { - "name" : "ADV-2007-2264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2264" - }, - { - "name" : "37067", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37067" - }, - { - "name" : "25737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24546" + }, + { + "name": "ADV-2007-2264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2264" + }, + { + "name": "25737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25737" + }, + { + "name": "4081", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4081" + }, + { + "name": "37067", + "refsource": "OSVDB", + "url": "http://osvdb.org/37067" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3665.json b/2007/3xxx/CVE-2007-3665.json index ebd96b7969f..f4e0d7fc27b 100644 --- a/2007/3xxx/CVE-2007-3665.json +++ b/2007/3xxx/CVE-2007-3665.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070707 [Eleytt] 7LIPIEC2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473187" - }, - { - "name" : "20070709 Re: [Eleytt] 7LIPIEC2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473212" - }, - { - "name" : "http://www.eleytt.com/advisories/eleytt_GHOST1.pdf", - "refsource" : "MISC", - "url" : "http://www.eleytt.com/advisories/eleytt_GHOST1.pdf" - }, - { - "name" : "24826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24826" - }, - { - "name" : "45802", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45802", + "refsource": "OSVDB", + "url": "http://osvdb.org/45802" + }, + { + "name": "20070707 [Eleytt] 7LIPIEC2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473187" + }, + { + "name": "24826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24826" + }, + { + "name": "http://www.eleytt.com/advisories/eleytt_GHOST1.pdf", + "refsource": "MISC", + "url": "http://www.eleytt.com/advisories/eleytt_GHOST1.pdf" + }, + { + "name": "20070709 Re: [Eleytt] 7LIPIEC2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473212" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3671.json b/2007/3xxx/CVE-2007-3671.json index 6b65d91a954..c2431c68897 100644 --- a/2007/3xxx/CVE-2007-3671.json +++ b/2007/3xxx/CVE-2007-3671.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the \"0day IPO\" presentation at SyScan'07." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/security/?p=358", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=358" - }, - { - "name" : "http://www.immunityinc.com/downloads/0day_IPO.pdf", - "refsource" : "MISC", - "url" : "http://www.immunityinc.com/downloads/0day_IPO.pdf" - }, - { - "name" : "24816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24816" - }, - { - "name" : "45809", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and 
impact, as shown in the \"0day IPO\" presentation at SyScan'07." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.immunityinc.com/downloads/0day_IPO.pdf", + "refsource": "MISC", + "url": "http://www.immunityinc.com/downloads/0day_IPO.pdf" + }, + { + "name": "45809", + "refsource": "OSVDB", + "url": "http://osvdb.org/45809" + }, + { + "name": "24816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24816" + }, + { + "name": "http://blogs.zdnet.com/security/?p=358", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=358" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3907.json b/2007/3xxx/CVE-2007-3907.json index 08babcceb18..cbd6e95ad4f 100644 --- a/2007/3xxx/CVE-2007-3907.json +++ b/2007/3xxx/CVE-2007-3907.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070718 Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473987/100/0/threaded" - }, - { - "name" : "20070718 Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473993/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965" - }, - { 
- "name" : "http://www.ledgersmb.org/node/52", - "refsource" : "CONFIRM", - "url" : "http://www.ledgersmb.org/node/52" - }, - { - "name" : "24940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24940" - }, - { - "name" : "ADV-2007-2576", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2576" - }, - { - "name" : "26121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26121" - }, - { - "name" : "ledgersmb-redirection-security-bypass(35507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070718 Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473993/100/0/threaded" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965" + }, + { + "name": "26121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26121" + }, + { + "name": "ADV-2007-2576", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2576" + }, + { + "name": "20070718 Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473987/100/0/threaded" + }, + { + "name": "http://www.ledgersmb.org/node/52", + "refsource": "CONFIRM", + "url": "http://www.ledgersmb.org/node/52" + }, + { + "name": "ledgersmb-redirection-security-bypass(35507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35507" + }, + { + "name": "24940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24940" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4069.json b/2007/4xxx/CVE-2007-4069.json index 9e091948302..4a6cb92e88b 100644 --- a/2007/4xxx/CVE-2007-4069.json +++ b/2007/4xxx/CVE-2007-4069.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4225", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4225" - }, - { - "name" : "http://www.indexscript.com/forum/showthread.php?t=2266", - "refsource" : "CONFIRM", - "url" : "http://www.indexscript.com/forum/showthread.php?t=2266" - }, - { - "name" : "25064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25064" - }, - { - "name" : "ADV-2007-2696", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2696" - }, - { - "name" : "36285", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36285" - }, - { - "name" : "26218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26218" - }, - { - "name" : "indexscript-showcat-sql-injection(35592)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4225", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4225" + }, + { + "name": "36285", + "refsource": "OSVDB", + "url": "http://osvdb.org/36285" + }, + { + "name": "ADV-2007-2696", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2696" + }, + { + "name": "indexscript-showcat-sql-injection(35592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35592" + }, + { + "name": "http://www.indexscript.com/forum/showthread.php?t=2266", + "refsource": "CONFIRM", + "url": "http://www.indexscript.com/forum/showthread.php?t=2266" + }, + { + "name": "26218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26218" + }, + { + "name": "25064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25064" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4075.json b/2007/4xxx/CVE-2007-4075.json index c2900392906..f56e141314c 100644 --- a/2007/4xxx/CVE-2007-4075.json +++ b/2007/4xxx/CVE-2007-4075.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25007" - }, - { - "name" : "37135", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25007" + }, + { + "name": "37135", + "refsource": "OSVDB", + "url": "http://osvdb.org/37135" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4186.json b/2007/4xxx/CVE-2007-4186.json index 353944c0841..e5cffa4c6f3 100644 --- a/2007/4xxx/CVE-2007-4186.json +++ b/2007/4xxx/CVE-2007-4186.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070802 our de France Pool 1.0.1 Remote File İnclude Bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475356/100/0/threaded" - }, - { - "name" : "http://yollubunlar.org/our-de-france-pool-101-remote-file-include-43.html", - "refsource" : "MISC", - "url" : "http://yollubunlar.org/our-de-france-pool-101-remote-file-include-43.html" - }, - { - "name" : "25183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25183" - }, - { - "name" : "39059", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39059" - }, - { - "name" : "2979", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2979" - }, - { - "name" : 
"tourdefrance-admintourtoto-file-include(35779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39059", + "refsource": "OSVDB", + "url": "http://osvdb.org/39059" + }, + { + "name": "http://yollubunlar.org/our-de-france-pool-101-remote-file-include-43.html", + "refsource": "MISC", + "url": "http://yollubunlar.org/our-de-france-pool-101-remote-file-include-43.html" + }, + { + "name": "20070802 our de France Pool 1.0.1 Remote File İnclude Bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475356/100/0/threaded" + }, + { + "name": "25183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25183" + }, + { + "name": "2979", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2979" + }, + { + "name": "tourdefrance-admintourtoto-file-include(35779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35779" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4789.json b/2007/4xxx/CVE-2007-4789.json index 3ae889aa76f..75857b9105b 100644 --- a/2007/4xxx/CVE-2007-4789.json +++ b/2007/4xxx/CVE-2007-4789.json 
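Review bot: The `reference_data` array in this hunk comes back in a different order (the OSVDB entry `"name": "39059"` now leads, where the BUGTRAQ entry did) in the same change that rewrites `"key" : value` as `"key": value`, so a line diff cannot confirm that every reference survived unchanged. JSON arrays are ordered, so consumers that hash, sign or diff these records see a content change rather than a formatting one. Keeping the original entry order, or sorting by a fixed key such as `refsource` then `name` in a separate commit, would make the whitespace change verifiable on its own. The same reordering appears in the hunks for CVE-2007-4789, CVE-2007-6207, CVE-2007-6233, CVE-2007-6411, CVE-2007-6687 and CVE-2010-1205, and each new file also ends with `\ No newline at end of file`; the CVE-2010-1205 hunk continues past the visible lines.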
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070905 Denial of Service Vulnerabilities in Content Switching Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml" - }, - { - "name" : "25547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25547" - }, - { - "name" : "ADV-2007-3062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3062" - }, - { - "name" : "37501", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37501" - }, - { - "name" : "1018654", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018654" - }, - { - "name" : 
"26724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26724" - }, - { - "name" : "cisco-content-switching-dos(36453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070905 Denial of Service Vulnerabilities in Content Switching Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml" + }, + { + "name": "cisco-content-switching-dos(36453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36453" + }, + { + "name": "37501", + "refsource": "OSVDB", + "url": "http://osvdb.org/37501" + }, + { + "name": "1018654", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018654" + }, + { + "name": "25547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25547" + }, + { + "name": "26724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26724" + }, + { + "name": "ADV-2007-3062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3062" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6207.json b/2007/6xxx/CVE-2007-6207.json index ae473701078..6b6684d9fd5 100644 --- a/2007/6xxx/CVE-2007-6207.json +++ b/2007/6xxx/CVE-2007-6207.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html", - "refsource" : "MISC", - "url" : "http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html" - }, - { - "name" : "20071021 [Xen-ia64-devel] PATCH: check r2 value for VTi mov rr[r3]=r2", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html" - }, - { - "name" : "RHSA-2008:0154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0154.html" - }, - { - "name" : "26716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26716" - }, - { - "name" : "41341", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41341" - }, - { - "name" : 
"oval:org.mitre.oval:def:9471", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9471" - }, - { - "name" : "27915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27915" - }, - { - "name" : "29236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41341", + "refsource": "OSVDB", + "url": "http://osvdb.org/41341" + }, + { + "name": "RHSA-2008:0154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0154.html" + }, + { + "name": "http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html", + "refsource": "MISC", + "url": "http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html" + }, + { + "name": "27915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27915" + }, + { + "name": "29236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29236" + }, + { + "name": "oval:org.mitre.oval:def:9471", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9471" + }, + { + "name": "20071021 [Xen-ia64-devel] PATCH: check r2 value for VTi mov rr[r3]=r2", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html" + }, + { + "name": "26716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26716" + } + ] + } 
+} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6233.json b/2007/6xxx/CVE-2007-6233.json index b6bc6033b81..bc9d9b97849 100644 --- a/2007/6xxx/CVE-2007-6233.json +++ b/2007/6xxx/CVE-2007-6233.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4681", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4681" - }, - { - "name" : "27875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27875" - }, - { - "name" : "ftp-admin-index-file-include(38779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote 
authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4681", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4681" + }, + { + "name": "ftp-admin-index-file-include(38779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38779" + }, + { + "name": "27875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27875" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6411.json b/2007/6xxx/CVE-2007-6411.json index 2ac363427ae..3576452ffc8 100644 --- a/2007/6xxx/CVE-2007-6411.json +++ b/2007/6xxx/CVE-2007-6411.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071122 Gadu-Gadu Local/Remote Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484077/100/200/threaded" - }, - { - "name" : "20071122 Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484086/100/200/threaded" - }, - { - "name" : "20071123 Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484122/100/200/threaded" - }, - { - "name" : "20071123 Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", - "refsource" : 
"BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484105/100/200/threaded" - }, - { - "name" : "20071123 Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484119/100/200/threaded" - }, - { - "name" : "20071123 Re: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484126/100/200/threaded" - }, - { - "name" : "20071205 [ELEYTT] Public Advisory 05-12-2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484607/100/0/threaded" - }, - { - "name" : "http://vexillium.org/advisory_eng.txt", - "refsource" : "MISC", - "url" : "http://vexillium.org/advisory_eng.txt" - }, - { - "name" : "3455", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071122 Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484086/100/200/threaded" + }, + { + "name": "20071205 [ELEYTT] Public Advisory 05-12-2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded" + }, + { + "name": "3455", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3455" + }, + { + "name": "http://vexillium.org/advisory_eng.txt", + "refsource": "MISC", + "url": "http://vexillium.org/advisory_eng.txt" + }, + { + "name": "20071123 Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484119/100/200/threaded" + }, + { + "name": "20071123 Re: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484126/100/200/threaded" + }, + { + "name": "20071123 Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484105/100/200/threaded" + }, + { + "name": "20071123 Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484122/100/200/threaded" + }, + { + "name": "20071122 Gadu-Gadu Local/Remote Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484077/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6687.json b/2007/6xxx/CVE-2007-6687.json index b3ec3f00ecd..b9215e1680a 100644 --- a/2007/6xxx/CVE-2007-6687.json +++ b/2007/6xxx/CVE-2007-6687.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.4_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.4_released" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=203217", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=203217" - }, - { - "name" : "GLSA-200802-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-04.xml" - }, - { - "name" : "41671", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41671" - }, - { - "name" : "41672", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41672" - }, - { - "name" : "41673", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/41673" - }, - { - "name" : "28898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gallery.menalto.com/gallery_2.2.4_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.4_released" + }, + { + "name": "GLSA-200802-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-04.xml" + }, + { + "name": "41671", + "refsource": "OSVDB", + "url": "http://osvdb.org/41671" + }, + { + "name": "41672", + "refsource": "OSVDB", + "url": "http://osvdb.org/41672" + }, + { + "name": "28898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28898" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=203217", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=203217" + }, + { + "name": "41673", + "refsource": "OSVDB", + "url": "http://osvdb.org/41673" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1205.json b/2010/1xxx/CVE-2010-1205.json index 37902c09482..569a53b0c28 100644 --- a/2010/1xxx/CVE-2010-1205.json +++ b/2010/1xxx/CVE-2010-1205.json 
@@ -1,302 +1,302 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18", - "refsource" : "CONFIRM", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" - }, - { - "name" : "http://www.libpng.org/pub/png/libpng.html", - "refsource" : "CONFIRM", - "url" : "http://www.libpng.org/pub/png/libpng.html" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=608238", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=608238" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=45983", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=45983" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" - }, - { - "name" : "http://trac.webkit.org/changeset/61816", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/61816" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=40798", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=40798" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=570451", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" - }, - { - "name" : "http://support.apple.com/kb/HT4312", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4312" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "http://support.apple.com/kb/HT4457", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4457" - }, - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : 
"http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "http://blackberry.com/btsc/KB27244", - "refsource" : "CONFIRM", - "url" : "http://blackberry.com/btsc/KB27244" - }, - { - "name" : "APPLE-SA-2010-08-24-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "DSA-2072", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2072" - }, - { - "name" : "FEDORA-2010-10823", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" - }, - { - "name" : "FEDORA-2010-10833", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" - }, - { - "name" : "MDVSA-2010:133", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" - }, - { - "name" : "SSA:2010-180-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - 
"name" : "USN-960-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-960-1" - }, - { - "name" : "41174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41174" - }, - { - "name" : "oval:org.mitre.oval:def:11851", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" - }, - { - "name" : "40302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40302" - }, - { - "name" : "40472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40472" - }, - { - "name" : "40547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40547" - }, - { - "name" : "41574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41574" - }, - { - "name" : "42317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42317" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "40336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40336" - }, - { - "name" : "ADV-2010-1612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1612" - }, - { - "name" : "ADV-2010-1755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1755" - }, - { - "name" : "ADV-2010-1837", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1837" - }, - { - "name" : "ADV-2010-1846", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1846" - }, - { - "name" : "ADV-2010-1877", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1877" - }, - { - "name" : "ADV-2010-2491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2491" - }, - { - "name" : "ADV-2010-3045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3045" - }, - { - "name" : 
"ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2010-1637", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1637" - }, - { - "name" : "libpng-rowdata-bo(59815)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:133", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:133" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" + }, + { + "name": "41174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41174" + }, + { + "name": "ADV-2010-1877", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1877" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html" + }, + { + "name": "ADV-2010-3045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3045" + }, + { + "name": "libpng-rowdata-bo(59815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59815" + }, + { + "name": 
"http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-41.html" + }, + { + "name": "oval:org.mitre.oval:def:11851", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851" + }, + { + "name": "ADV-2010-1837", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1837" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=570451" + }, + { + "name": "http://support.apple.com/kb/HT4457", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4457" + }, + { + "name": "ADV-2010-1755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1755" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "40472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40472" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "40302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40302" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "40336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40336" + }, + { + "name": "41574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41574" + }, + { + "name": "USN-960-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-960-1" + }, + { + "name": "http://blackberry.com/btsc/KB27244", + "refsource": 
"CONFIRM", + "url": "http://blackberry.com/btsc/KB27244" + }, + { + "name": "http://www.libpng.org/pub/png/libpng.html", + "refsource": "CONFIRM", + "url": "http://www.libpng.org/pub/png/libpng.html" + }, + { + "name": "APPLE-SA-2010-08-24-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "42317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42317" + }, + { + "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" + }, + { + "name": "FEDORA-2010-10823", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html" + }, + { + "name": "DSA-2072", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2072" + }, + { + "name": "http://support.apple.com/kb/HT4312", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4312" + }, + { + "name": "40547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40547" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2010-1637", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1637" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, 
+ { + "name": "SSA:2010-180-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061" + }, + { + "name": "FEDORA-2010-10833", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=40798", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=40798" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "ADV-2010-2491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2491" + }, + { + "name": "http://trac.webkit.org/changeset/61816", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/61816" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18", + "refsource": "CONFIRM", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=45983", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=45983" + }, + { + "name": "ADV-2010-1846", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1846" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608238", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + }, + { + "name": "ADV-2010-1612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1612" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/1xxx/CVE-2014-1360.json b/2014/1xxx/CVE-2014-1360.json
index 3b45bfb8110..44f106231f8 100644
--- a/2014/1xxx/CVE-2014-1360.json
+++ b/2014/1xxx/CVE-2014-1360.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "68276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68276" - }, - { - "name" : "1030500", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "68276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68276" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "1030500", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030500" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1886.json b/2014/1xxx/CVE-2014-1886.json index 50867aa872f..f8a3b60e633 100644 --- a/2014/1xxx/CVE-2014-1886.json +++ b/2014/1xxx/CVE-2014-1886.json 
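Review bot: The only substantive change in the CVE-2014-1360 hunk, `"ASSIGNER"` going from `cve@mitre.org` to `product-security@apple.com`, is buried in a whole-file rewrite, which makes a change to the record's provenance field hard to audit. The rewrite also changes `"key" : value` to `"key": value` on every line, reorders `reference_data` without adding or removing an entry, and drops the final newline (`\ No newline at end of file`). I would land the formatting pass as its own commit so that the data commit shows just `"ASSIGNER": "product-security@apple.com",`, keep `reference_data` in its existing order or a documented stable sort, and keep the trailing newline. The same applies to the CVE-2014-1968, CVE-2014-5421, CVE-2014-5969, CVE-2015-2114 and CVE-2015-2364 hunks. The CVE-2014-1886, CVE-2014-5262, CVE-2014-5365 and CVE-2015-2144 hunks carry no ASSIGNER change, only the reformatting and, apart from CVE-2014-5365, which has no references, the reordering.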
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of \"obscure Eastern European dating sites.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/07/9" - }, - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" - }, - { - "name" : "http://www.internetsociety.org/ndss2014/programme#session3", - "refsource" : "MISC", - "url" : "http://www.internetsociety.org/ndss2014/programme#session3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of \"obscure Eastern European dating sites.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" + }, + { + "name": "http://www.internetsociety.org/ndss2014/programme#session3", + "refsource": "MISC", + "url": "http://www.internetsociety.org/ndss2014/programme#session3" + }, + { + "name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/07/9" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1968.json b/2014/1xxx/CVE-2014-1968.json index 93087cb0b72..9460b0c5b47 100644 --- a/2014/1xxx/CVE-2014-1968.json +++ b/2014/1xxx/CVE-2014-1968.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xoonips.sourceforge.jp", - "refsource" : "CONFIRM", - "url" : "http://xoonips.sourceforge.jp" - }, - { - "name" : "JVN#87797318", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87797318/index.html" - }, - { - "name" : "JVNDB-2014-000025", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000025" - }, - { - "name" : "65807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject 
arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#87797318", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87797318/index.html" + }, + { + "name": "JVNDB-2014-000025", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000025" + }, + { + "name": "65807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65807" + }, + { + "name": "http://xoonips.sourceforge.jp", + "refsource": "CONFIRM", + "url": "http://xoonips.sourceforge.jp" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5262.json b/2014/5xxx/CVE-2014-5262.json index ac6080b56e3..2ca7afd69b0 100644 --- a/2014/5xxx/CVE-2014-5262.json +++ b/2014/5xxx/CVE-2014-5262.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140812 CVE id request: cacti remote code execution and SQL injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/351" - }, - { - "name" : "[oss-security] 20140816 Re: CVE id request: cacti remote code execution and SQL injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/386" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127165", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127165" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=7454", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=7454" - }, - { - "name" : "DSA-3007", - "refsource" : "DEBIAN", 
- "url" : "http://www.debian.org/security/2014/dsa-3007" - }, - { - "name" : "GLSA-201607-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-05" - }, - { - "name" : "69213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69213" - }, - { - "name" : "cacti-multiple-unspecified(95292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201607-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-05" + }, + { + "name": "DSA-3007", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3007" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127165", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127165" + }, + { + "name": "[oss-security] 20140812 CVE id request: cacti remote code execution and SQL injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/351" + }, + { + "name": "cacti-multiple-unspecified(95292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95292" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=7454", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=7454" + }, + { + "name": "69213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69213" + }, + { + "name": "[oss-security] 20140816 Re: CVE id 
request: cacti remote code execution and SQL injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/386" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5365.json b/2014/5xxx/CVE-2014-5365.json index 522b277d177..b9b442f7998 100644 --- a/2014/5xxx/CVE-2014-5365.json +++ b/2014/5xxx/CVE-2014-5365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5421.json b/2014/5xxx/CVE-2014-5421.json index 8508a3cac23..e009dba601f 100644 --- a/2014/5xxx/CVE-2014-5421.json +++ b/2014/5xxx/CVE-2014-5421.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5969.json b/2014/5xxx/CVE-2014-5969.json index ef7c02dd010..9a0c331e112 100644 --- a/2014/5xxx/CVE-2014-5969.json +++ b/2014/5xxx/CVE-2014-5969.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The healthylifestyle (aka com.alek.healthylifestyle) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#800561", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/800561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The healthylifestyle (aka 
com.alek.healthylifestyle) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#800561", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/800561" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2114.json b/2015/2xxx/CVE-2015-2114.json index 0decd266238..ebbc0eeb202 100644 --- a/2015/2xxx/CVE-2015-2114.json +++ b/2015/2xxx/CVE-2015-2114.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-2114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN03316", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535" - }, - { - "name" : "SSRT102005", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535" - }, - { - "name" : "74054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN03316", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535" + }, + { + "name": "74054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74054" + }, + { + "name": "SSRT102005", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2144.json b/2015/2xxx/CVE-2015-2144.json index d3abebce100..604e70b5d9b 100644 --- a/2015/2xxx/CVE-2015-2144.json +++ b/2015/2xxx/CVE-2015-2144.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150227 Re: CVE-Request -- phpBugTracker v. 
1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/28/1" - }, - { - "name" : "https://github.com/a-v-k/phpBugTracker/issues/4", - "refsource" : "CONFIRM", - "url" : "https://github.com/a-v-k/phpBugTracker/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/a-v-k/phpBugTracker/issues/4", + "refsource": "CONFIRM", + "url": "https://github.com/a-v-k/phpBugTracker/issues/4" + }, + { + "name": "[oss-security] 20150227 Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/28/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2364.json b/2015/2xxx/CVE-2015-2364.json index 09c3adc25a7..73052ff183c 100644 --- a/2015/2xxx/CVE-2015-2364.json +++ b/2015/2xxx/CVE-2015-2364.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka \"Graphics Component EOP Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-072" - }, - { - "name" : "1032902", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka \"Graphics Component EOP Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-072" + }, + { + "name": "1032902", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032902" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2675.json b/2015/2xxx/CVE-2015-2675.json index 91be660edec..d75da15475a 100644 --- a/2015/2xxx/CVE-2015-2675.json +++ b/2015/2xxx/CVE-2015-2675.json 
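Review bot: The only value that changes in this hunk is `"ASSIGNER"`, from `cve@mitre.org` to `secure@microsoft.com`, and it is buried in a rewrite of all 67 lines that otherwise changes only formatting (the spacing before `:` and the end-of-file newline). Anyone auditing the record for provenance changes has to compare normalized JSON to find it. Landing the formatting pass and the assigner update as separate commits would make the data change reviewable on its own. The same pattern appears in the hunks for CVE-2015-2675, CVE-2015-2709, CVE-2016-10231, CVE-2016-4146 and CVE-2016-4276.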
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150323 Re: CVE request: Invalid pointer dereference in the GNOME librest library", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/23/8" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=742644", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=742644" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183982", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183982" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1199049", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1199049" - }, - { - "name" : "https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329" - }, - { - "name" : "RHSA-2015:2237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2237.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=742644", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=742644" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1199049", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199049" + }, + { + "name": "RHSA-2015:2237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2237.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1183982", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183982" + }, + { + "name": "[oss-security] 20150323 Re: CVE request: Invalid pointer dereference in the GNOME librest library", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/23/8" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2709.json b/2015/2xxx/CVE-2015-2709.json index 96e35b0178e..13eef8c97ac 100644 --- a/2015/2xxx/CVE-2015-2709.json +++ b/2015/2xxx/CVE-2015-2709.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-46.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111251", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111251" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1117977", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1117977" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1128064", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1128064" - }, - { 
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1135066", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1135066" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1143194", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1143194" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1146101", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1146101" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1149526", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1149526" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1153688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1153688" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1155474", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1155474" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "RHSA-2015:1012", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1012.html" - }, - { - "name" : "SUSE-SU-2015:0960", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html" - }, - { - "name" : "openSUSE-SU-2015:0934", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html" - }, - { - "name" : "SUSE-SU-2015:0978", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html" - }, - { - "name" : "USN-2602-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2602-1" - }, - { - "name" : "74615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2602-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2602-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111251", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111251" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1117977", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1117977" + }, + { + "name": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153688", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1153688" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1143194", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=1143194" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1155474", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1155474" + }, + { + "name": "SUSE-SU-2015:0978", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128064", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128064" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-46.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-46.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1146101", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1146101" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1135066", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1135066" + }, + { + "name": "openSUSE-SU-2015:0934", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html" + }, + { + "name": "SUSE-SU-2015:0960", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1149526", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1149526" + }, + { + "name": "RHSA-2015:1012", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1012.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "74615", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/74615" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6946.json b/2015/6xxx/CVE-2015-6946.json index 4765ebabc99..68e87387086 100644 --- a/2015/6xxx/CVE-2015-6946.json +++ b/2015/6xxx/CVE-2015-6946.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-416", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-416" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-412", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-412" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-414/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-414/" - }, - { - "name" : "https://redr2e.com/cve-to-poc-cve-2015-6946/", - "refsource" : "MISC", - "url" : "https://redr2e.com/cve-to-poc-cve-2015-6946/" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-414/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-414/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-416", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-416" + }, + { + "name": "https://redr2e.com/cve-to-poc-cve-2015-6946/", + "refsource": "MISC", + "url": "https://redr2e.com/cve-to-poc-cve-2015-6946/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-412", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-412" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000189.json b/2016/1000xxx/CVE-2016-1000189.json index 58328296691..32f6ccd88b6 100644 --- a/2016/1000xxx/CVE-2016-1000189.json +++ b/2016/1000xxx/CVE-2016-1000189.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-1000189",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-1000189",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10004.json b/2016/10xxx/CVE-2016-10004.json
index bbfcb869d63..3f95e723ba0 100644
--- a/2016/10xxx/CVE-2016-10004.json
+++ b/2016/10xxx/CVE-2016-10004.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-10004",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10004",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10231.json b/2016/10xxx/CVE-2016-10231.json
index ec6f22f942c..21be52ad5e9 100644
--- a/2016/10xxx/CVE-2016-10231.json
+++ b/2016/10xxx/CVE-2016-10231.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-04-03T00:00:00", - "ID" : "CVE-2016-10231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-04-03T00:00:00", + "ID": "CVE-2016-10231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97402" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97402" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10573.json b/2016/10xxx/CVE-2016-10573.json index 2bce7139139..65a99891ca1 100644 --- a/2016/10xxx/CVE-2016-10573.json +++ b/2016/10xxx/CVE-2016-10573.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "baryton-saxophone node module", - "version" : { - "version_data" : [ - { - "version_value" : "<3.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "baryton-saxophone node module", + "version": { + "version_data": [ + { + "version_value": "<3.0.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/240", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/240", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/240" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4146.json b/2016/4xxx/CVE-2016-4146.json index a1cba9fead0..b53b85fb7ac 100644 --- a/2016/4xxx/CVE-2016-4146.json +++ b/2016/4xxx/CVE-2016-4146.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" - }, - { - "name" : "MS16-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" - }, - { - "name" : "RHSA-2016:1238", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1238" - }, - { - "name" : "SUSE-SU-2016:1613", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1621", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" - }, - { - "name" : "1036117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036117" + }, + { + "name": "MS16-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" + }, + { + "name": "openSUSE-SU-2016:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" + }, + { + "name": "RHSA-2016:1238", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1238" + }, + { + "name": "openSUSE-SU-2016:1621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" + }, + { + "name": "SUSE-SU-2016:1613", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", + "refsource": "CONFIRM", + "url": 
"https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4276.json b/2016/4xxx/CVE-2016-4276.json index 34bad67deb5..0b9d8ab2050 100644 --- a/2016/4xxx/CVE-2016-4276.json +++ b/2016/4xxx/CVE-2016-4276.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:1865", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html" - }, - { - "name" : "92930", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/92930" - }, - { - "name" : "1036791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" + }, + { + "name": "RHSA-2016:1865", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html" + }, + { + "name": "92930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92930" + }, + { + "name": "1036791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036791" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4929.json b/2016/4xxx/CVE-2016-4929.json index 201b10e6baa..c667fb63c04 100644 --- a/2016/4xxx/CVE-2016-4929.json +++ b/2016/4xxx/CVE-2016-4929.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2016-4929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760" - }, - { - "name" : "93540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93540" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4999.json b/2016/4xxx/CVE-2016-4999.json index 92e56a87a77..9e9ec909e58 100644 --- a/2016/4xxx/CVE-2016-4999.json +++ b/2016/4xxx/CVE-2016-4999.json 
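Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `sirt@juniper.net` in a hunk whose other changes are only spacing, indentation and the order of the two references, so the one edit that alters the record's meaning is easy to miss. The hunks for CVE-2016-4276 (`psirt@adobe.com`) and CVE-2016-4999 (`secalert@redhat.com`) carry the same kind of change. This field names the CNA behind the record, so anything that attributes or filters records by it will see different results after this commit. I would land the `"ASSIGNER": …` edits in a commit of their own, or list them in the commit message (not visible here), so that provenance changes can be audited apart from the reformat.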
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349990", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349990" - }, - { - "name" : "https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b", - "refsource" : "CONFIRM", - "url" : "https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b" - }, - { - "name" : "https://issues.jboss.org/browse/DASHBUILDE-113", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/DASHBUILDE-113" - }, - { - "name" : "RHSA-2016:1428", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1428" - }, - { - "name" : "RHSA-2016:1429", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1429" - }, - { - "name" : "91795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1429", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1429" + }, + { + "name": "https://issues.jboss.org/browse/DASHBUILDE-113", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/DASHBUILDE-113" + }, + { + "name": "RHSA-2016:1428", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1428" + }, + { + "name": "91795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91795" + }, + { + "name": "https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b", + "refsource": "CONFIRM", + "url": "https://github.com/dashbuilder/dashbuilder/commit/8574899e3b6455547b534f570b2330ff772e524b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349990", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349990" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/8xxx/CVE-2016-8198.json b/2016/8xxx/CVE-2016-8198.json index 9de9728e9e1..689a822a128 100644 --- a/2016/8xxx/CVE-2016-8198.json +++ b/2016/8xxx/CVE-2016-8198.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8198", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8198", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8681.json b/2016/8xxx/CVE-2016-8681.json index e114339e643..79f0ff74527 100644 --- a/2016/8xxx/CVE-2016-8681.json +++ b/2016/8xxx/CVE-2016-8681.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/5" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385690", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385690" - }, - { - "name" : 
"93592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/5" + }, + { + "name": "93592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93592" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9438.json b/2016/9xxx/CVE-2016-9438.json index 0eda92fc9c7..57394d431e7 100644 --- a/2016/9xxx/CVE-2016-9438.json +++ b/2016/9xxx/CVE-2016-9438.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/tats/w3m/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/tats/w3m/issues/18", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/18" - }, - { - "name" : "GLSA-201701-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-08" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-08" + }, + { + "name": "https://github.com/tats/w3m/issues/18", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/18" + }, + { + "name": "https://github.com/tats/w3m/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/blob/master/ChangeLog" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9523.json b/2016/9xxx/CVE-2016-9523.json index aff456509c1..11496b16fef 100644 --- a/2016/9xxx/CVE-2016-9523.json +++ b/2016/9xxx/CVE-2016-9523.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9523", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9523", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9629.json b/2016/9xxx/CVE-2016-9629.json index 026f67ffdc4..7f78d53ab1f 100644 --- a/2016/9xxx/CVE-2016-9629.json +++ b/2016/9xxx/CVE-2016-9629.json 
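Review bot: This is the only file in the visible part of the diff whose keys are reordered: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`. The other files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, so nothing breaks, but it suggests this record was written by a different tool or code path than the rest. Using one serializer with one key order for the whole repository would keep records comparable and later diffs small.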
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161123 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/24/1" - }, - { - "name" : "https://github.com/tats/w3m/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/tats/w3m/issues/40", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/40" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. 
w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tats/w3m/issues/40", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/40" + }, + { + "name": "https://github.com/tats/w3m/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/blob/master/ChangeLog" + }, + { + "name": "[oss-security] 20161123 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9636.json b/2016/9xxx/CVE-2016-9636.json index 7a1eb784b24..38ca462d1f1 100644 --- a/2016/9xxx/CVE-2016-9636.json +++ b/2016/9xxx/CVE-2016-9636.json 
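Review bot: The closing `+}` is followed by `\ No newline at end of file`, while the removed `-}` carries no such marker, so the rewrite drops the trailing newline this file used to have. Every hunk whose end is visible in this part of the diff finishes the same way. A missing final newline trips line-based tools when files are concatenated or counted, and it adds a spurious changed line to the next edit of each record. The writer should emit a `\n` after the final `}`.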
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161123 Re: CVE Request: gstreamer plugins", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/24/2" - }, - { - "name" : "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html", - "refsource" : "MISC", - "url" : "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=774834", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=774834" - }, - { - "name" : 
"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", - "refsource" : "CONFIRM", - "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" - }, - { - "name" : "DSA-3723", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3723" - }, - { - "name" : "DSA-3724", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3724" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2016:2975", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2975.html" - }, - { - "name" : "RHSA-2017:0019", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0019.html" - }, - { - "name" : "RHSA-2017:0020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0020.html" - }, - { - "name" : "94499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3724", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3724" + }, + { + "name": "RHSA-2017:0019", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html" + }, + { + "name": "RHSA-2016:2975", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html" + }, + { + "name": "DSA-3723", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3723" + }, + { + "name": "RHSA-2017:0020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html" + }, + { + "name": "94499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94499" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" + }, + { + "name": "[oss-security] 20161123 Re: CVE Request: gstreamer plugins", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/24/2" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=774834", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=774834" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html", + "refsource": "MISC", + "url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9901.json b/2016/9xxx/CVE-2016-9901.json index 5d7c68b89b4..746ff5d1202 100644 --- a/2016/9xxx/CVE-2016-9901.json +++ b/2016/9xxx/CVE-2016-9901.json 
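Review bot: The eleven `reference_data` entries come back in an order that follows neither `name`, `refsource` nor `url` (for example `DSA-3724` now precedes `DSA-3723`), which suggests the writer emits them in whatever order it happens to hold them. The set is unchanged here, but a reviewer has to match entries by hand to confirm that no advisory link was dropped or altered, and the next regeneration will presumably shuffle them again. The other hunks in this part of the diff that carry references show the same reshuffle. Emitting the array in a stable order, for example sorted by `url`, would reduce future diffs to real changes.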
@@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.6" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the \"about:pocket-saved\" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data from Pocket server improperly sanitized before execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.6" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50.1" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1320057", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1320057" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-94/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-94/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-95/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-95/" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "RHSA-2016:2946", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2946.html" - }, - { - "name" : "RHSA-2016:2973", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2973.html" - }, - { - "name" : "94885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94885" - }, - { - "name" : "1037461", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the \"about:pocket-saved\" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data from Pocket server improperly sanitized before execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-94/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-94/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-95/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-95/" + }, + { + "name": "94885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94885" + }, + { + "name": "1037461", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037461" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "RHSA-2016:2973", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320057", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1320057" + }, + { + "name": "RHSA-2016:2946", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9986.json b/2016/9xxx/CVE-2016-9986.json index 5bce0498ba5..a702d73e4e1 100644 --- a/2016/9xxx/CVE-2016-9986.json +++ b/2016/9xxx/CVE-2016-9986.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2016-9986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2016-9986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120552", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120552" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001007", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001007" - }, - { - "name" : "99353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120552", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120552" + }, + { + "name": "99353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99353" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001007", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001007" + } + ] + } +} \ No newline at end of file diff --git a/2019/1003xxx/CVE-2019-1003012.json b/2019/1003xxx/CVE-2019-1003012.json index 0041b0a6481..44fffc62ffb 100644 --- a/2019/1003xxx/CVE-2019-1003012.json +++ b/2019/1003xxx/CVE-2019-1003012.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-02-06T02:59:03.175680", - "ID" : "CVE-2019-1003012", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Blue Ocean Plugins", - "version" : { - "version_data" : [ - { - "version_value" : "1.10.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "DATE_ASSIGNED": "2019-02-06T02:59:03.175680", + "ID": "CVE-2019-1003012", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jenkins Blue Ocean Plugins", + "version": { + "version_data": [ + { + "version_value": "1.10.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201" - }, - { - "name" : "RHBA-2019:0326", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2019:0326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201" + }, + { + "name": "RHBA-2019:0326", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2019:0326" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2463.json b/2019/2xxx/CVE-2019-2463.json index d836f1e8fbf..699928d6666 100644 --- a/2019/2xxx/CVE-2019-2463.json +++ b/2019/2xxx/CVE-2019-2463.json 
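Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `kurt@seifried.org` to `jenkinsci-cert@googlegroups.com`, and that is the only semantic change visible in this hunk; every other changed line appears to differ only in the spacing before the colon. `ASSIGNER` is the record's provenance field, so a change to it should be visible on its own rather than inside a 69-line reformat. I would land the formatting pass and the data change as separate commits, or at least name the reassignment in the commit message. The new side also ends with `\ No newline at end of file`; restoring the trailing newline keeps later diffs from touching the closing brace.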
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). 
The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106579" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2804.json b/2019/2xxx/CVE-2019-2804.json index 5985b25f790..005e3f90442 100644 --- a/2019/2xxx/CVE-2019-2804.json +++ b/2019/2xxx/CVE-2019-2804.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2804", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2804", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2893.json b/2019/2xxx/CVE-2019-2893.json index f7f08875d98..9f0e9830ddd 100644 --- a/2019/2xxx/CVE-2019-2893.json +++ b/2019/2xxx/CVE-2019-2893.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2893", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2893", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3363.json b/2019/3xxx/CVE-2019-3363.json index 196af653941..782b85de5f0 100644 --- a/2019/3xxx/CVE-2019-3363.json +++ b/2019/3xxx/CVE-2019-3363.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3363", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3363", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3634.json b/2019/3xxx/CVE-2019-3634.json index f4a2da4a868..8627307fc4c 100644 --- a/2019/3xxx/CVE-2019-3634.json +++ b/2019/3xxx/CVE-2019-3634.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3757.json b/2019/3xxx/CVE-2019-3757.json index 90d443fac53..f796b78a2da 100644 --- a/2019/3xxx/CVE-2019-3757.json +++ b/2019/3xxx/CVE-2019-3757.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3757", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3757", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3850.json b/2019/3xxx/CVE-2019-3850.json index c0b139cdf05..930e06cf471 100644 --- a/2019/3xxx/CVE-2019-3850.json +++ b/2019/3xxx/CVE-2019-3850.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3850", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3850", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6133.json b/2019/6xxx/CVE-2019-6133.json index ea2e96638db..6a7652866c6 100644 --- a/2019/6xxx/CVE-2019-6133.json +++ b/2019/6xxx/CVE-2019-6133.json 
@@ -1,127 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692" - }, - { - "name" : "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf", - "refsource" : "MISC", - "url" : "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf" - }, - { - "name" : 
"https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81" - }, - { - "name" : "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19" - }, - { - "name" : "RHSA-2019:0230", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0230" - }, - { - "name" : "RHSA-2019:0420", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0420" - }, - { - "name" : "USN-3901-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3901-1/" - }, - { - "name" : "USN-3901-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3901-2/" - }, - { - "name" : "USN-3903-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3903-1/" - }, - { - "name" : "USN-3903-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3903-2/" - }, - { - "name" : "USN-3908-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3908-1/" - }, - { - "name" : "USN-3908-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3908-2/" - }, - { - "name" : "106537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81" + }, + { + "name": "USN-3903-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3903-2/" + }, + { + "name": "RHSA-2019:0230", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0230" + }, + { + "name": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf", + "refsource": "MISC", + "url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf" + }, + { + "name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3910-1", + "url": "https://usn.ubuntu.com/3910-1/" + }, + { + "name": "USN-3901-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3901-2/" + }, + { + "name": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692" + }, + { + "refsource": "UBUNTU", + "name": "USN-3910-2", + "url": "https://usn.ubuntu.com/3910-2/" + }, + { + "name": "RHSA-2019:0420", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0420" + }, + { + "name": "USN-3908-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3908-2/" + }, + { + "name": "USN-3901-1", + "refsource": "UBUNTU", + "url": 
"https://usn.ubuntu.com/3901-1/" + }, + { + "name": "USN-3903-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3903-1/" + }, + { + "name": "106537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106537" + }, + { + "name": "USN-3908-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3908-1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6513.json b/2019/6xxx/CVE-2019-6513.json index 6fbf1723f57..45e37c18d41 100644 --- a/2019/6xxx/CVE-2019-6513.json +++ b/2019/6xxx/CVE-2019-6513.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6513", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6513", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6574.json b/2019/6xxx/CVE-2019-6574.json index 507bec33429..e11218b0d32 100644 --- a/2019/6xxx/CVE-2019-6574.json +++ b/2019/6xxx/CVE-2019-6574.json 
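Review bot: The two reference objects added to the CVE-2019-6133.json hunk, `USN-3910-1` and `USN-3910-2`, put `refsource` before `name`, while every other entry in `reference_data` uses `name`, `refsource`, `url`. Key order carries no meaning in JSON, but the inconsistency and the reshuffled array order make the two real additions hard to find among the reformatted lines. I would write them as `"name": "USN-3910-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3910-1/"` (likewise for 3910-2) and keep the existing entries in their previous order. Separately, `product_name`, `vendor_name` and `version_value` remain `n/a` although the description names PolicyKit (aka polkit) 0.115, so tooling that matches on the `affects` block will not associate this record with polkit and has to parse the description instead.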
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6574", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6574", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6766.json b/2019/6xxx/CVE-2019-6766.json index 712b4a179e0..a0104969c26 100644 --- a/2019/6xxx/CVE-2019-6766.json +++ b/2019/6xxx/CVE-2019-6766.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6998.json b/2019/6xxx/CVE-2019-6998.json index 5c39f2711e8..d3a30e30191 100644 --- a/2019/6xxx/CVE-2019-6998.json +++ b/2019/6xxx/CVE-2019-6998.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6998", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6998", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7068.json b/2019/7xxx/CVE-2019-7068.json index 9b2aff58b8e..8184cb2b3ed 100644 --- a/2019/7xxx/CVE-2019-7068.json +++ b/2019/7xxx/CVE-2019-7068.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7068", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7068", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7484.json b/2019/7xxx/CVE-2019-7484.json index aa91b11f1a6..42d3ac20ca4 100644 --- a/2019/7xxx/CVE-2019-7484.json +++ b/2019/7xxx/CVE-2019-7484.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7484",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7484",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7533.json b/2019/7xxx/CVE-2019-7533.json
index 4c4c53e6ef1..86754fd6256 100644
--- a/2019/7xxx/CVE-2019-7533.json
+++ b/2019/7xxx/CVE-2019-7533.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7533",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7533",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7582.json b/2019/7xxx/CVE-2019-7582.json
index 96df430c473..82e153ecaaf 100644
--- a/2019/7xxx/CVE-2019-7582.json
+++ b/2019/7xxx/CVE-2019-7582.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7582",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7582",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/libming/libming/issues/172",
- "refsource" : "MISC",
- "url" : "https://github.com/libming/libming/issues/172"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/libming/libming/issues/172",
+ "refsource": "MISC",
+ "url": "https://github.com/libming/libming/issues/172"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8917.json b/2019/8xxx/CVE-2019-8917.json
index ba6a55829f3..9c9f10ba3f7 100644
--- a/2019/8xxx/CVE-2019-8917.json
+++ b/2019/8xxx/CVE-2019-8917.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-8917",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-8917",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2019-001.md",
- "refsource" : "MISC",
- "url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2019-001.md"
- },
- {
- "name" : "107061",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/107061"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in
the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "107061",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/107061"
+ },
+ {
+ "name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2019-001.md",
+ "refsource": "MISC",
+ "url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2019-001.md"
+ }
+ ]
+ }
+}
\ No newline at end of file