diff --git a/2007/2xxx/CVE-2007-2054.json b/2007/2xxx/CVE-2007-2054.json index 9a302bab497..c1f1bc5d63c 100644 --- a/2007/2xxx/CVE-2007-2054.json +++ b/2007/2xxx/CVE-2007-2054.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070427 AFFLIB(TM): Multiple Format String Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467040/100/0/threaded" - }, - { - "name" : "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt" - }, - { - "name" : "2657", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2657" - }, - { - "name" : "afflib-multiple-format-string(33969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2657", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2657" + }, + { + "name": "afflib-multiple-format-string(33969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33969" + }, + { + "name": "20070427 AFFLIB(TM): Multiple Format String Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467040/100/0/threaded" + }, + { + "name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt", + "refsource": "MISC", + "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2075.json b/2007/2xxx/CVE-2007-2075.json index f071f4215f9..6d1bb626360 100644 --- a/2007/2xxx/CVE-2007-2075.json +++ b/2007/2xxx/CVE-2007-2075.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1696780&group_id=101952&atid=630783", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1696780&group_id=101952&atid=630783" - }, - { - "name" : "23495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23495" - }, - { - "name" : "ADV-2007-1418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1418" - }, - { - "name" : "34966", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34966" - }, - { - "name" : "24903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24903" - }, - { - "name" : "scramdisk-directory-privilege-escalation(33677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24903" + }, + { + "name": "scramdisk-directory-privilege-escalation(33677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33677" + }, + { + "name": "ADV-2007-1418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1418" + }, + { + "name": "34966", + "refsource": "OSVDB", + "url": "http://osvdb.org/34966" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1696780&group_id=101952&atid=630783", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1696780&group_id=101952&atid=630783" + }, + { + "name": "23495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23495" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2770.json b/2007/2xxx/CVE-2007-2770.json index fa43cbd73eb..5cd219abe5e 100644 --- a/2007/2xxx/CVE-2007-2770.json +++ b/2007/2xxx/CVE-2007-2770.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3934", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3934" - }, - { - "name" : "36198", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36198" - }, - { - "name" : "25282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25282" - }, - { - "name" : "eudora-smtp-server-bo(34324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3934", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3934" + }, + { + "name": "eudora-smtp-server-bo(34324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34324" + }, + { + "name": "36198", + "refsource": "OSVDB", + "url": "http://osvdb.org/36198" + }, + { + "name": "25282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25282" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2837.json b/2007/2xxx/CVE-2007-2837.json index 94567fe3c65..5e7f4f4900a 100644 --- a/2007/2xxx/CVE-2007-2837.json +++ b/2007/2xxx/CVE-2007-2837.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332" - }, - { - "name" : "DSA-1326", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1326" - }, - { - "name" : "24718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24718" - }, - { - "name" : "37803", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37803" - }, - { - "name" : "25900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25900" - }, - { - "name" : "25913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25913" - }, - { - "name" : "fireflier-getchains-symlink(35226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332" + }, + { + "name": "DSA-1326", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1326" + }, + { + "name": "24718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24718" + }, + { + "name": "fireflier-getchains-symlink(35226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35226" + }, + { + "name": "25900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25900" + }, + { + "name": "37803", + "refsource": "OSVDB", + "url": "http://osvdb.org/37803" + }, + { + "name": "25913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25913" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2959.json b/2007/2xxx/CVE-2007-2959.json index 70418fa6907..7ebd2261832 100644 --- a/2007/2xxx/CVE-2007-2959.json +++ b/2007/2xxx/CVE-2007-2959.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070529 cpcommerce < v1.1.0 [sql injection]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469910/100/0/threaded" - }, - { - "name" : "24223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24223" - }, - { - "name" : "38042", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38042" - }, - { - "name" : "2747", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2747" - }, - { - "name" : "cpcommerce-manufacturer-sql-injection(34573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpcommerce-manufacturer-sql-injection(34573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34573" + }, + { + "name": "38042", + "refsource": "OSVDB", + "url": "http://osvdb.org/38042" + }, + { + "name": "2747", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2747" + }, + { + "name": "24223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24223" + }, + { + "name": "20070529 cpcommerce < v1.1.0 [sql injection]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469910/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3457.json b/2007/3xxx/CVE-2007-3457.json index 850b1dbcf23..30f7ae0c5a6 100644 --- a/2007/3xxx/CVE-2007-3457.json +++ b/2007/3xxx/CVE-2007-3457.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-12.html" - }, - { - "name" : "GLSA-200708-01", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml" - }, - { - "name" : "103167", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1" - }, - { - "name" : "201506", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1" - }, - { - "name" : "SUSE-SA:2007:046", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html" - }, - { - "name" : "TA07-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-192A.html" - }, - { - "name" : "VU#138457", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/138457" - }, - { - "name" : "ADV-2007-2497", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2497" - }, - { - "name" : "ADV-2007-4190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4190" - }, - { - "name" : "38049", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/38049" - }, - { - "name" : "1018359", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018359" - }, - { - "name" : "26027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26027" - }, - { - "name" : "26118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26118" - }, - { - "name" : "26357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26357" - }, - { - "name" : "28068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28068" - }, - { - "name" : "flashplayer-swf-httpreferer-csrf(35338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28068" + }, + { + "name": "1018359", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018359" + }, + { + "name": "26357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26357" + }, + { + "name": "SUSE-SA:2007:046", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_46_flashplayer.html" + }, + { + "name": "201506", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201506-1" + }, + { + "name": "ADV-2007-4190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4190" + }, + { + "name": "38049", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/38049" + }, + { + "name": "GLSA-200708-01", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-01.xml" + }, + { + "name": "26027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26027" + }, + { + "name": "flashplayer-swf-httpreferer-csrf(35338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35338" + }, + { + "name": "TA07-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html" + }, + { + "name": "26118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26118" + }, + { + "name": "ADV-2007-2497", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2497" + }, + { + "name": "103167", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-12.html" + }, + { + "name": "VU#138457", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/138457" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6190.json b/2007/6xxx/CVE-2007-6190.json index 9390af76deb..176c2cc2c5a 100644 --- a/2007/6xxx/CVE-2007-6190.json +++ b/2007/6xxx/CVE-2007-6190.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf", - "refsource" : "MISC", - "url" : "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf" - }, - { - "name" : "20071128 Cisco Unified IP Phone Remote Eavesdropping", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html" - }, - { - "name" : "26668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26668" - }, - { - "name" : "ADV-2007-4036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4036" - }, - { - "name" : "40874", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40874" - }, - { - "name" : "1019006", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019006" - }, - { - "name" : "27829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26668" + }, + { + "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html" + }, + { + "name": "1019006", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019006" + }, + { + "name": "27829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27829" + }, + { + "name": "40874", + "refsource": "OSVDB", + "url": "http://osvdb.org/40874" + }, + { + "name": "ADV-2007-4036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4036" + }, + { + "name": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf", + "refsource": "MISC", + "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6496.json b/2007/6xxx/CVE-2007-6496.json index daa6f38e66f..cf3c121bf75 100644 --- a/2007/6xxx/CVE-2007-6496.json +++ b/2007/6xxx/CVE-2007-6496.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded" - }, - { - "name" : "4730", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4730" - }, - { - "name" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html" - }, - { - "name" : "26862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26862" - }, - { - "name" : "1019222", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019222" - }, - { - "name" : "28973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28973" - }, - { - "name" : "3474", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3474" - }, - { - "name" : "hostingcontroller-multiple-security-bypass(39038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28973" + }, + { + "name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded" + }, + { + "name": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html" + }, + { + "name": "3474", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3474" + }, + { + "name": "4730", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4730" + }, + { + "name": "26862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26862" + }, + { + "name": "1019222", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019222" + }, + { + "name": "hostingcontroller-multiple-security-bypass(39038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39038" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1132.json b/2010/1xxx/CVE-2010-1132.json index 654e5583052..2587ed83789 100644 --- a/2010/1xxx/CVE-2010-1132.json +++ b/2010/1xxx/CVE-2010-1132.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100307 Spamassassin Milter Plugin Remote Root", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html" - }, - { - "name" : "11662", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11662" - }, - { - "name" : "http://bugs.debian.org/573228", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/573228" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572117", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572117" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?29136", - "refsource" : "CONFIRM", - "url" : "https://savannah.nongnu.org/bugs/?29136" - }, - { - "name" : "DSA-2021", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2021" - }, - { - "name" : "FEDORA-2010-5096", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html" - }, - { - "name" : "FEDORA-2010-5112", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html" - }, - { - "name" : "FEDORA-2010-5176", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html" - }, - { - "name" : "38578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38578" - }, - { - "name" : "62809", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62809" - }, - { - "name" : "1023691", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023691" - }, - { - "name" : "38840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38840" - }, - { - "name" : "38956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38956" - }, - { - "name" : "39265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39265" - }, - { - "name" : "ADV-2010-0559", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0559" - }, - { - "name" : "ADV-2010-0683", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0683" - }, - { - "name" : "ADV-2010-0837", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0837" - }, - { - "name" : "spamassassin-expand-command-execution(56732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0559", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0559" + }, + { + "name": "20100307 Spamassassin Milter Plugin Remote Root", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html" + }, + { + "name": "ADV-2010-0683", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0683" + }, + { + "name": "39265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39265" + }, + { + "name": "ADV-2010-0837", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0837" + }, + { + "name": "38578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38578" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=572117", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572117" + }, + { + "name": "DSA-2021", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2021" + }, + { + "name": "https://savannah.nongnu.org/bugs/?29136", + "refsource": "CONFIRM", + "url": "https://savannah.nongnu.org/bugs/?29136" + }, + { + "name": "11662", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11662" + }, + { + "name": "http://bugs.debian.org/573228", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/573228" + }, + { + "name": "FEDORA-2010-5096", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html" + }, + { + "name": "1023691", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023691" + }, + { + "name": "62809", + "refsource": "OSVDB", + "url": "http://osvdb.org/62809" + }, + { + "name": "spamassassin-expand-command-execution(56732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56732" + }, + { + "name": "38956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38956" + }, + { + "name": "38840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38840" + }, + { + "name": "FEDORA-2010-5112", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html" + }, + { + "name": "FEDORA-2010-5176", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1381.json b/2010/1xxx/CVE-2010-1381.json index e8a4cef325e..e517be83f4b 100644 --- a/2010/1xxx/CVE-2010-1381.json +++ b/2010/1xxx/CVE-2010-1381.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "40871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40871" - }, - { - "name" : "1024103", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024103" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "40871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40871" + }, + { + "name": "1024103", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024103" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1402.json b/2010/1xxx/CVE-2010-1402.json index 6c1d927be9f..cb605d066ba 100644 --- a/2010/1xxx/CVE-2010-1402.json +++ b/2010/1xxx/CVE-2010-1402.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511723/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-100", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-100" - }, - { - "name" : "http://support.apple.com/kb/HT4196", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4196" - }, - { - "name" : "http://support.apple.com/kb/HT4220", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4220" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-06-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "40620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40620" - }, - { - "name" : "oval:org.mitre.oval:def:7071", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7071" - }, - { - "name" : "1024067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024067" - }, - { - "name" : "40105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40105" - }, - { - "name" : "40196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40196" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-1373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1373" - }, - { - "name" : "ADV-2010-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1512" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://support.apple.com/kb/HT4220", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4220" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "20100608 ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511723/100/0/threaded" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-100", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-100" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "APPLE-SA-2010-06-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:7071", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7071" + }, + { + "name": "40196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40196" + }, + { + "name": "40105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40105" + }, + { + "name": "ADV-2010-1373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1373" + }, + { + "name": "APPLE-SA-2010-06-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "ADV-2010-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1512" + }, + { + "name": "40620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40620" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "1024067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024067" + }, + { + "name": "http://support.apple.com/kb/HT4196", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4196" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1594.json b/2010/1xxx/CVE-2010-1594.json index 51e5cc7d3bf..047197dd29f 100644 --- a/2010/1xxx/CVE-2010-1594.json +++ b/2010/1xxx/CVE-2010-1594.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt" - }, - { - "name" : "MDVSA-2010:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178" - }, - { - "name" : "61943", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61943" - }, - { - "name" : "38311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38311" - }, - { - "name" : "ocsinventoryng-index-xss(55874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61943", + "refsource": "OSVDB", + "url": "http://osvdb.org/61943" + }, + { + "name": "38311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38311" + }, + { + "name": "MDVSA-2010:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178" + }, + { + "name": "ocsinventoryng-index-xss(55874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1887.json b/2010/1xxx/CVE-2010-1887.json index 79e899ca58d..4c46af4c72c 100644 --- a/2010/1xxx/CVE-2010-1887.json +++ b/2010/1xxx/CVE-2010-1887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka \"Win32k Bounds Checking Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048" - }, - { - "name" : "oval:org.mitre.oval:def:11020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka \"Win32k Bounds Checking Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11020" + }, + { + "name": "MS10-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1965.json b/2010/1xxx/CVE-2010-1965.json index 96cf29d027b..3120860bc60 100644 --- a/2010/1xxx/CVE-2010-1965.json +++ b/2010/1xxx/CVE-2010-1965.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02548", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02280158" - }, - { - "name" : "SSRT100126", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02280158" - }, - { - "name" : "1024183", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024183" - }, - { - "name" : "40549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40549" - }, - { - "name" : "ADV-2010-1794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1794" + }, + { + "name": "40549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40549" + }, + { + "name": "SSRT100126", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02280158" + }, + { + "name": "HPSBMA02548", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02280158" + }, + { + "name": "1024183", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024183" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5321.json b/2010/5xxx/CVE-2010-5321.json index 3f815082e73..753d879e9f9 100644 --- a/2010/5xxx/CVE-2010-5321.json +++ b/2010/5xxx/CVE-2010-5321.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150208 Re: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() - Linux kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/08/4" - }, - { - "name" : "http://linuxtv.org/irc/v4l/index.php?date=2010-07-29", - "refsource" : "MISC", - "url" : "http://linuxtv.org/irc/v4l/index.php?date=2010-07-29" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=120571", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=120571" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620629", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340" + }, + { + "name": "[oss-security] 20150208 Re: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() - Linux kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/08/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=620629", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620629" + }, + { + "name": "http://linuxtv.org/irc/v4l/index.php?date=2010-07-29", + "refsource": "MISC", + "url": "http://linuxtv.org/irc/v4l/index.php?date=2010-07-29" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=120571", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120571" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0125.json b/2014/0xxx/CVE-2014-0125.json index 44d4347337b..932a517f822 100644 --- a/2014/0xxx/CVE-2014-0125.json +++ b/2014/0xxx/CVE-2014-0125.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140317 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/03/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=256422", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=256422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=256422", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=256422" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409" + }, + { + "name": "[oss-security] 20140317 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/03/17/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0366.json b/2014/0xxx/CVE-2014-0366.json index 18e9c286c34..7535ec3e6ba 100644 --- a/2014/0xxx/CVE-2014-0366.json +++ b/2014/0xxx/CVE-2014-0366.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64828" - }, - { - "name" : "102090", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102090" - }, - { - "name" : "1029619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029619" - }, - { - "name" : "56471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64828" + }, + { + "name": "1029619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029619" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "102090", + "refsource": "OSVDB", + "url": "http://osvdb.org/102090" + }, + { + "name": "56471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56471" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0368.json b/2014/0xxx/CVE-2014-0368.json index d2283e20d59..ea4e2bcdb90 100644 --- a/2014/0xxx/CVE-2014-0368.json +++ b/2014/0xxx/CVE-2014-0368.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1052919", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1052919" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676978", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676978" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html" - }, - { - "name" : "RHSA-2014:0027", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html" - }, - { - "name" : "RHSA-2014:0097", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html" - }, - { - "name" : "RHSA-2014:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "openSUSE-SU-2014:0174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "openSUSE-SU-2014:0177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" - }, - { - "name" : "openSUSE-SU-2014:0180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "USN-2124-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2124-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64930" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56432" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56486" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - }, - { - "name" : "59235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59235" - }, - { - "name" : "59339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56432" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "RHSA-2014:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html" + }, + { + "name": "openSUSE-SU-2014:0174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "RHSA-2014:0097", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1052919", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052919" + }, + { + "name": "64930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64930" + }, + { + "name": "59339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59339" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "RHSA-2014:0027", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html" + }, + { + "name": "56486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56486" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "USN-2124-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2124-1" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676978", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676978" + }, + { + "name": "RHSA-2014:0026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + }, + { + "name": "59235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59235" + }, + { + "name": "openSUSE-SU-2014:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" + }, + { + "name": "openSUSE-SU-2014:0177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0403.json b/2014/0xxx/CVE-2014-0403.json index 445ed44b2e7..81a88ad2693 100644 --- a/2014/0xxx/CVE-2014-0403.json +++ b/2014/0xxx/CVE-2014-0403.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64920" - }, - { - "name" : "102006", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102006" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - }, - { - "name" : "oracle-cpujan2014-cve20140403(90338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "102006", + "refsource": "OSVDB", + "url": "http://osvdb.org/102006" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "64920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64920" + }, + { + "name": "oracle-cpujan2014-cve20140403(90338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90338" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0773.json b/2014/0xxx/CVE-2014-0773.json index 57b06f74a0d..14c2ac015b6 100644 --- a/2014/0xxx/CVE-2014-0773.json +++ b/2014/0xxx/CVE-2014-0773.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1215.json b/2014/1xxx/CVE-2014-1215.json index 56bb61f0493..76bcc14170c 100644 --- a/2014/1xxx/CVE-2014-1215.json +++ b/2014/1xxx/CVE-2014-1215.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140218 CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531144/100/0/threaded" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1215/" + }, + { + "name": "20140218 CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531144/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1626.json b/2014/1xxx/CVE-2014-1626.json index 630eddd390d..b0b6be594f6 100644 --- a/2014/1xxx/CVE-2014-1626.json +++ b/2014/1xxx/CVE-2014-1626.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Koha] 20140122 SECURITY release: MARC::File::XML 1.0.2", - "refsource" : "MLIST", - "url" : "http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html" - }, - { - "name" : "[OPEN-ILS-GENERAL] 20140121 SECURITY release: MARC::File::XML 1.0.2", - "refsource" : "MLIST", - "url" : "http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html" - }, - { - "name" : "http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html", - "refsource" : "CONFIRM", - "url" : "http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html" - }, - { - "name" : "https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes", - "refsource" : "CONFIRM", - "url" : "https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes" - }, - { - "name" : "65057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65057" - }, - { - "name" : "102367", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102367" - }, - { - "name" : "55404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55404" - }, - { - "name" : "marcfile-xml-info-disc(90620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102367", + "refsource": "OSVDB", + "url": "http://osvdb.org/102367" + }, + { + "name": "marcfile-xml-info-disc(90620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90620" + }, + { + "name": "55404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55404" + }, + { + "name": "65057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65057" + }, + { + "name": "https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes", + "refsource": "CONFIRM", + "url": "https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes" + }, + { + "name": "http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html", + "refsource": "CONFIRM", + "url": "http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html" + }, + { + "name": "[Koha] 20140122 SECURITY release: MARC::File::XML 1.0.2", + "refsource": "MLIST", + "url": "http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html" + }, + { + "name": "[OPEN-ILS-GENERAL] 20140121 SECURITY release: MARC::File::XML 1.0.2", + "refsource": "MLIST", + "url": "http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1920.json b/2014/1xxx/CVE-2014-1920.json index b770044ee6d..509bf29b40f 100644 --- a/2014/1xxx/CVE-2014-1920.json +++ b/2014/1xxx/CVE-2014-1920.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1920", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1920", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5385.json b/2014/5xxx/CVE-2014-5385.json index 4f22b148818..f83700a1390 100644 --- a/2014/5xxx/CVE-2014-5385.json +++ b/2014/5xxx/CVE-2014-5385.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532726/100/0/threaded" - }, - { - "name" : "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/38" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532726/100/0/threaded" + }, + { + "name": "20140710 SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/38" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5515.json b/2014/5xxx/CVE-2014-5515.json index 293789b0716..20da4e8c499 100644 --- a/2014/5xxx/CVE-2014-5515.json +++ b/2014/5xxx/CVE-2014-5515.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5515", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5515", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5766.json b/2014/5xxx/CVE-2014-5766.json index cb3a6367bfe..06ef726f326 100644 --- a/2014/5xxx/CVE-2014-5766.json +++ b/2014/5xxx/CVE-2014-5766.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#287873", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/287873" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#287873", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/287873" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2205.json b/2015/2xxx/CVE-2015-2205.json index bb55fb80c62..d7bfd60f0c3 100644 --- a/2015/2xxx/CVE-2015-2205.json +++ b/2015/2xxx/CVE-2015-2205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2205", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2224.json b/2015/2xxx/CVE-2015-2224.json index 6a0ad9099dc..ac5a7344177 100644 --- a/2015/2xxx/CVE-2015-2224.json +++ b/2015/2xxx/CVE-2015-2224.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2224", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2224", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10078.json b/2016/10xxx/CVE-2016-10078.json index a17e0f3e007..d29d2ddf0d0 100644 --- a/2016/10xxx/CVE-2016-10078.json +++ b/2016/10xxx/CVE-2016-10078.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10078", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10078", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10114.json b/2016/10xxx/CVE-2016-10114.json index 8e0d6f843f7..6a662d62112 100644 --- a/2016/10xxx/CVE-2016-10114.json +++ b/2016/10xxx/CVE-2016-10114.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the \"aWeb Cart Watching System for Virtuemart\" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40973", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40973/" - }, - { - "name" : "https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0", - "refsource" : "MISC", - "url" : "https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0" - }, - { - "name" : "https://github.com/qemm/joomlasqli", - "refsource" : "MISC", - "url" : "https://github.com/qemm/joomlasqli" - }, - { - "name" : "95293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the \"aWeb Cart Watching System for Virtuemart\" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95293" + }, + { + "name": "40973", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40973/" + }, + { + "name": "https://github.com/qemm/joomlasqli", + "refsource": "MISC", + "url": "https://github.com/qemm/joomlasqli" + }, + { + "name": "https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0", + "refsource": "MISC", + "url": "https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4157.json b/2016/4xxx/CVE-2016-4157.json index 4010ed0af51..04f1230fceb 100644 --- a/2016/4xxx/CVE-2016-4157.json +++ b/2016/4xxx/CVE-2016-4157.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4418.json b/2016/4xxx/CVE-2016-4418.json index 556863da890..ddca7fa97e1 100644 --- a/2016/4xxx/CVE-2016-4418.json +++ b/2016/4xxx/CVE-2016-4418.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2016-15.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2016-15.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "openSUSE-SU-2016:0660", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0661", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0661", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" + }, + { + "name": "openSUSE-SU-2016:0660", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12106" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2016-15.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2016-15.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4665.json b/2016/4xxx/CVE-2016-4665.json index 68a984b9abf..d6378bbe6ad 100644 --- a/2016/4xxx/CVE-2016-4665.json +++ b/2016/4xxx/CVE-2016-4665.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Sandbox Profiles\" component, which allows attackers to read audio-recording metadata via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207269", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207269" - }, - { - "name" : "https://support.apple.com/HT207270", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207270" - }, - { - "name" : "https://support.apple.com/HT207271", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207271" - }, - { - "name" : "93854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93854" - }, - { - "name" : "1037088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Sandbox Profiles\" component, which allows attackers to read audio-recording metadata via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207271", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207271" + }, + { + "name": "1037088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037088" + }, + { + "name": "93854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93854" + }, + { + "name": "https://support.apple.com/HT207269", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207269" + }, + { + "name": "https://support.apple.com/HT207270", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207270" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8299.json b/2016/8xxx/CVE-2016-8299.json index 2b604f8522d..2d3986e67c7 100644 --- a/2016/8xxx/CVE-2016-8299.json +++ b/2016/8xxx/CVE-2016-8299.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0" - }, - { - "version_value" : "11.4.0" - }, - { - "version_value" : "12.0.1" - }, - { - "version_value" : "12.0.2" - }, - { - "version_value" : "12.0.3" - }, - { - "version_value" : "12.1.0" - }, - { - "version_value" : "12.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "11.3.0" + }, + { + "version_value": "11.4.0" + }, + { + "version_value": "12.0.1" + }, + { + "version_value": "12.0.2" + }, + { + "version_value": "12.0.3" + }, + { + "version_value": "12.1.0" + }, + { + "version_value": "12.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95547" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95547" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8334.json b/2016/8xxx/CVE-2016-8334.json index ca0870875d4..311d798cc03 100644 --- a/2016/8xxx/CVE-2016-8334.json +++ b/2016/8xxx/CVE-2016-8334.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2016-8334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.2.805" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2016-8334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.0.2.805" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0201/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0201/" - }, - { - "name" : "93799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93799" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0201/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0201/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8635.json b/2016/8xxx/CVE-2016-8635.json index 6d67b415ed3..e6cb6db994a 100644 --- a/2016/8xxx/CVE-2016-8635.json +++ b/2016/8xxx/CVE-2016-8635.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nss", - "version" : { - "version_data" : [ - { - "version_value" : "3.21.x" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-358" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nss", + "version": { + "version_data": [ + { + "version_value": "3.21.x" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635" - }, - { - "name" : "GLSA-201701-46", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-46" - }, - { - "name" : "RHSA-2016:2779", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2779.html" - }, - { - "name" : "94346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635" + }, + { + "name": "RHSA-2016:2779", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html" + }, + { + "name": "GLSA-201701-46", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-46" + }, + { + "name": "94346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94346" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8776.json b/2016/8xxx/CVE-2016-8776.json index 26f43967555..850f401076a 100644 --- a/2016/8xxx/CVE-2016-8776.json +++ b/2016/8xxx/CVE-2016-8776.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,", - "version" : { - "version_data" : [ - { - "version_value" : "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185," - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Factory Reset Protection (FRP) bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185,", + "version": { + "version_data": [ + { + "version_value": "P9, P9 Lite EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00,VNS-L21C185," + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en" - }, - { - "name" : "94836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Factory Reset Protection (FRP) bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94836" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8946.json b/2016/8xxx/CVE-2016-8946.json index aeef4972c2c..7e3aa1d5845 100644 --- a/2016/8xxx/CVE-2016-8946.json +++ b/2016/8xxx/CVE-2016-8946.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-10T00:00:00", - "ID" : "CVE-2016-8946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Sourcing", - "version" : { - "version_data" : [ - { - "version_value" : " 9.5" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.0.2" - }, - { - "version_value" : "10.0.4" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-10T00:00:00", + "ID": "CVE-2016-8946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Sourcing", + "version": { + "version_data": [ + { + "version_value": " 9.5" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.0.2" + }, + { + "version_value": "10.0.4" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005549", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005549" - }, - { - "name" : "99545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549" + }, + { + "name": "99545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99545" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9268.json b/2016/9xxx/CVE-2016-9268.json index 0163b88384b..58a6528b53c 100644 --- a/2016/9xxx/CVE-2016-9268.json +++ b/2016/9xxx/CVE-2016-9268.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the Blog appearance in the \"Install or upgrade manually\" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2", - "refsource" : "CONFIRM", - "url" : "http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2" - }, - { - "name" : "http://dev.dotclear.org/2.0/ticket/2214", - "refsource" : "CONFIRM", - "url" : "http://dev.dotclear.org/2.0/ticket/2214" - }, - { - "name" : "94246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the Blog appearance in the \"Install or upgrade manually\" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.dotclear.org/2.0/ticket/2214", + "refsource": "CONFIRM", + "url": "http://dev.dotclear.org/2.0/ticket/2214" + }, + { + "name": "94246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94246" + }, + { + "name": "http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2", + "refsource": "CONFIRM", + "url": "http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9315.json b/2016/9xxx/CVE-2016-9315.json index fdeab837a81..3e52feed21a 100644 --- a/2016/9xxx/CVE-2016-9315.json +++ b/2016/9xxx/CVE-2016-9315.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://success.trendmicro.com/solution/1116672", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1116672" - }, - { - "name" : "96252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96252" - }, - { - "name" : "1037849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96252" + }, + { + "name": "https://success.trendmicro.com/solution/1116672", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1116672" + }, + { + "name": "1037849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037849" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9536.json b/2016/9xxx/CVE-2016-9536.json index 29f0b5d4aec..1adc2b9ef7f 100644 --- a/2016/9xxx/CVE-2016-9536.json +++ b/2016/9xxx/CVE-2016-9536.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka \"t2p_process_jpeg_strip heap-buffer-overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "RHSA-2017:0225", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0225.html" - }, - { - "name" : "94484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94484" - }, - { - "name" : "94745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka \"t2p_process_jpeg_strip heap-buffer-overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0225", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html" + }, + { + "name": "94484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94484" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + }, + { + "name": "94745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94745" + }, + { + "name": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9539.json b/2016/9xxx/CVE-2016-9539.json index 16f76f30dee..3ac408afc67 100644 --- a/2016/9xxx/CVE-2016-9539.json +++ b/2016/9xxx/CVE-2016-9539.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53" - }, - { - "name" : "94484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94484" - }, - { - "name" : "94754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94484" + }, + { + "name": "94754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94754" + }, + { + "name": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9650.json b/2016/9xxx/CVE-2016-9650.json index d728cb27843..d88ac8edf0c 100644 --- a/2016/9xxx/CVE-2016-9650.json +++ b/2016/9xxx/CVE-2016-9650.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-9650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-9650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/653034", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/653034" - }, - { - "name" : "GLSA-201612-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-11" - }, - { - "name" : "RHSA-2016:2919", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2919.html" - }, - { - "name" : "94633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2919", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2919.html" + }, + { + "name": "94633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94633" + }, + { + "name": "https://crbug.com/653034", + "refsource": "CONFIRM", + "url": "https://crbug.com/653034" + }, + { + "name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201612-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-11" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2253.json b/2019/2xxx/CVE-2019-2253.json index dff4ae70c78..f41f14cbf6b 100644 --- a/2019/2xxx/CVE-2019-2253.json +++ b/2019/2xxx/CVE-2019-2253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2294.json b/2019/2xxx/CVE-2019-2294.json index aa35e831f0f..66ed583240f 100644 --- a/2019/2xxx/CVE-2019-2294.json +++ b/2019/2xxx/CVE-2019-2294.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2294", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2294", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2326.json b/2019/2xxx/CVE-2019-2326.json index ddb3e9a14a7..58516999f21 100644 --- a/2019/2xxx/CVE-2019-2326.json +++ b/2019/2xxx/CVE-2019-2326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2637.json b/2019/2xxx/CVE-2019-2637.json index ec6fb6efe32..855725358f0 100644 --- a/2019/2xxx/CVE-2019-2637.json +++ b/2019/2xxx/CVE-2019-2637.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2637", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2637", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2751.json b/2019/2xxx/CVE-2019-2751.json index f5ed9a4d587..2080afcb2a5 100644 --- a/2019/2xxx/CVE-2019-2751.json +++ b/2019/2xxx/CVE-2019-2751.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2751", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2751", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6291.json b/2019/6xxx/CVE-2019-6291.json index 801f30f093b..2d9ec764700 100644 --- a/2019/6xxx/CVE-2019-6291.json +++ b/2019/6xxx/CVE-2019-6291.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392549" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6455.json b/2019/6xxx/CVE-2019-6455.json index e842e16cae3..dfc88fb6fd3 100644 --- a/2019/6xxx/CVE-2019-6455.json +++ b/2019/6xxx/CVE-2019-6455.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/recutils", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/recutils" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/recutils", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/recutils" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6660.json b/2019/6xxx/CVE-2019-6660.json index 45ceb129191..de4c19e07ec 100644 --- a/2019/6xxx/CVE-2019-6660.json +++ b/2019/6xxx/CVE-2019-6660.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6660", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6660", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6807.json b/2019/6xxx/CVE-2019-6807.json index 85d3574bc2f..250dfbde0c1 100644 --- a/2019/6xxx/CVE-2019-6807.json +++ b/2019/6xxx/CVE-2019-6807.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6807", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6807", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7110.json b/2019/7xxx/CVE-2019-7110.json index 9388d2d452a..cd31489da75 100644 --- a/2019/7xxx/CVE-2019-7110.json +++ b/2019/7xxx/CVE-2019-7110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7273.json b/2019/7xxx/CVE-2019-7273.json index 74d2394c4f1..47c60e342a4 100644 --- a/2019/7xxx/CVE-2019-7273.json +++ b/2019/7xxx/CVE-2019-7273.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7273", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7273", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7342.json b/2019/7xxx/CVE-2019-7342.json index b206f68d78c..19e528d8c0f 100644 --- a/2019/7xxx/CVE-2019-7342.json +++ b/2019/7xxx/CVE-2019-7342.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2461", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2461", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2461" + } + ] + } +} \ No newline at end of file