diff --git a/2006/5xxx/CVE-2006-5389.json b/2006/5xxx/CVE-2006-5389.json index 349bca4c7f0..8825381dd16 100644 --- a/2006/5xxx/CVE-2006-5389.json +++ b/2006/5xxx/CVE-2006-5389.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061014 Full Path Disclosure in PHP-Wyana", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448789/100/0/threaded" - }, - { - "name" : "1743", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1743" - }, - { - "name" : "phpwyana-tellhim-path-disclosure(29601)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1743", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1743" + }, + { + "name": "20061014 Full Path Disclosure in PHP-Wyana", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448789/100/0/threaded" + }, + { + "name": "phpwyana-tellhim-path-disclosure(29601)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29601" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5834.json b/2006/5xxx/CVE-2006-5834.json index 94cc5719b35..199775f5282 100644 --- a/2006/5xxx/CVE-2006-5834.json +++ b/2006/5xxx/CVE-2006-5834.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2719", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2719" - }, - { - "name" : "20923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20923" - }, - { - "name" : "ADV-2006-4402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4402" - }, - { - "name" : "22703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22703" - }, - { - "name" : "quickcmslite-general-file-include(30024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickcmslite-general-file-include(30024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30024" + }, + { + "name": "20923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20923" + }, + { + "name": "ADV-2006-4402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4402" + }, + { + "name": "22703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22703" + }, + { + "name": "2719", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2719" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2165.json b/2007/2xxx/CVE-2007-2165.json index 7e870568c32..cb25f4b9349 100644 --- a/2007/2xxx/CVE-2007-2165.json +++ b/2007/2xxx/CVE-2007-2165.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255" - }, - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=2922", - "refsource" : "CONFIRM", - "url" : "http://bugs.proftpd.org/show_bug.cgi?id=2922" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=237533", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=237533" - }, - { - "name" : "FEDORA-2007-2613", - "refsource" : "FEDORA", - 
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html" - }, - { - "name" : "MDKSA-2007:130", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130" - }, - { - "name" : "23546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23546" - }, - { - "name" : "ADV-2007-1444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1444" - }, - { - "name" : "34602", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34602" - }, - { - "name" : "1017931", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017931" - }, - { - "name" : "24867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24867" - }, - { - "name" : "25724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25724" - }, - { - "name" : "27516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27516" - }, - { - "name" : "proftpd-authapi-security-bypass(33733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=2922", + "refsource": "CONFIRM", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=2922" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=237533", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533" + }, + { + "name": "MDKSA-2007:130", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130" + }, + { + "name": "25724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25724" + }, + { + "name": "23546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23546" + }, + { + "name": "24867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24867" + }, + { + "name": "34602", + "refsource": "OSVDB", + "url": "http://osvdb.org/34602" + }, + { + "name": "ADV-2007-1444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1444" + }, + { + "name": "1017931", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017931" + }, + { + "name": "FEDORA-2007-2613", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html" + }, + { + "name": "27516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27516" + }, + { + "name": "proftpd-authapi-security-bypass(33733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2510.json b/2007/2xxx/CVE-2007-2510.json index 5ce677ead47..daaa19ab241 100644 
--- a/2007/2xxx/CVE-2007-2510.json +++ b/2007/2xxx/CVE-2007-2510.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to \"/\" (slash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://us2.php.net/releases/5_2_2.php", - "refsource" : "CONFIRM", - "url" : "http://us2.php.net/releases/5_2_2.php" - }, - { - "name" : "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6", - "refsource" : "CONFIRM", - "url" : "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6" - }, - { - "name" : "DSA-1295", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1295" - }, - { - "name" : "GLSA-200705-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-19.xml" - }, - { - "name" : "MDKSA-2007:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:102" - }, 
- { - "name" : "RHSA-2007:0348", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2007-0348.html" - }, - { - "name" : "RHSA-2007:0355", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0355.html" - }, - { - "name" : "SUSE-SA:2007:044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html" - }, - { - "name" : "2007-0017", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0017/" - }, - { - "name" : "USN-462-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-462-1" - }, - { - "name" : "23813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23813" - }, - { - "name" : "24034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24034" - }, - { - "name" : "34675", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34675" - }, - { - "name" : "oval:org.mitre.oval:def:10715", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715" - }, - { - "name" : "1018023", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018023" - }, - { - "name" : "25187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25187" - }, - { - "name" : "25191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25191" - }, - { - "name" : "25318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25318" - }, - { - "name" : "25255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25255" - }, - { - "name" : "25372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25372" - }, - { - "name" : "25445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25445" - }, - { - "name" : "26048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26048" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to \"/\" (slash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25187" + }, + { + "name": "25191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25191" + }, + { + "name": "USN-462-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-462-1" + }, + { + "name": "MDKSA-2007:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:102" + }, + { + "name": "26048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26048" + }, + { + "name": "RHSA-2007:0355", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0355.html" + }, + { + "name": "GLSA-200705-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" + }, + { + "name": "2007-0017", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0017/" + }, + { + "name": "23813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23813" + }, + { + "name": "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6", + "refsource": "CONFIRM", + "url": "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6" + }, + { + "name": "DSA-1295", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1295" + }, + { + "name": "25318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25318" + }, + { + "name": "34675", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/34675" + }, + { + "name": "oval:org.mitre.oval:def:10715", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715" + }, + { + "name": "24034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24034" + }, + { + "name": "http://us2.php.net/releases/5_2_2.php", + "refsource": "CONFIRM", + "url": "http://us2.php.net/releases/5_2_2.php" + }, + { + "name": "1018023", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018023" + }, + { + "name": "25255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25255" + }, + { + "name": "25445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25445" + }, + { + "name": "25372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25372" + }, + { + "name": "RHSA-2007:0348", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2007-0348.html" + }, + { + "name": "SUSE-SA:2007:044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2529.json b/2007/2xxx/CVE-2007-2529.json index de44ba11603..082bc3a2020 100644 --- a/2007/2xxx/CVE-2007-2529.json +++ b/2007/2xxx/CVE-2007-2529.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070507 Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524" - }, - { - "name" : "102869", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1" - }, - { - "name" : "23863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23863" - }, - { - "name" : "34906", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34906" - }, - { - "name" : "ADV-2007-1683", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1683" - }, - { - "name" : "oval:org.mitre.oval:def:1669", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1669" - }, - { - "name" : "1018009", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018009" - }, - { - "name" : "25162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25162" - }, - { - "name" : "solaris-acl-system-dos(34147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1683", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1683" + }, + { + "name": "34906", + "refsource": "OSVDB", + "url": "http://osvdb.org/34906" + }, + { + "name": "1018009", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018009" + }, + { + "name": "102869", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1" + }, + { + "name": "oval:org.mitre.oval:def:1669", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1669" + }, + { + "name": "20070507 Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524" + }, + { + "name": "solaris-acl-system-dos(34147)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34147" + }, + { + "name": "25162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25162" + }, + { + "name": "23863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23863" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2799.json b/2007/2xxx/CVE-2007-2799.json index c09fd870787..8c414d7c149 100644 --- a/2007/2xxx/CVE-2007-2799.json +++ b/2007/2xxx/CVE-2007-2799.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2007-2799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070524 FLEA-2007-0022-1: file", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469520/30/6420/threaded" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1311", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1311" - }, - { - "name" : "http://www.amavis.org/security/asa-2007-3.txt", - "refsource" : "CONFIRM", - "url" : 
"http://www.amavis.org/security/asa-2007-3.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "DSA-1343", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1343" - }, - { - "name" : "GLSA-200705-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml" - }, - { - "name" : "MDKSA-2007:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114" - }, - { - "name" : "NetBSD-SA2008-001", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc" - }, - { - "name" : "RHSA-2007:0391", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0391.html" - }, - { - "name" : "SUSE-SA:2007:040", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_40_file.html" - }, - { - "name" : "2007-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0024/" - }, - { - "name" : "USN-439-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-439-2" - }, - { - "name" : "24146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24146" - }, - { - "name" : "38498", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38498" - }, - { - "name" : "oval:org.mitre.oval:def:11012", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012" - }, - { - "name" : 
"ADV-2007-2071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2071" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "1018140", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018140" - }, - { - "name" : "25394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25394" - }, - { - "name" : "25544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25544" - }, - { - "name" : "25578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25578" - }, - { - "name" : "25931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25931" - }, - { - "name" : "26203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26203" - }, - { - "name" : "26294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26294" - }, - { - "name" : "26415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26415" - }, - { - "name" : "29179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29179" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "file-assert-code-execution(34731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1343", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1343" + }, + { + "name": "29179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29179" + }, + { + "name": "2007-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0024/" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022" + }, + { + "name": "26415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26415" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "1018140", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018140" + }, + { + "name": "SUSE-SA:2007:040", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_40_file.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1311", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1311" + }, + { + "name": "25931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25931" + }, + { + "name": "http://www.amavis.org/security/asa-2007-3.txt", + "refsource": "CONFIRM", + "url": "http://www.amavis.org/security/asa-2007-3.txt" + }, + { + "name": "25544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25544" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "MDKSA-2007:114", + "refsource": "MANDRIVA", + 
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114" + }, + { + "name": "RHSA-2007:0391", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html" + }, + { + "name": "25578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25578" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "20070524 FLEA-2007-0022-1: file", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded" + }, + { + "name": "file-assert-code-execution(34731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731" + }, + { + "name": "ADV-2007-2071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2071" + }, + { + "name": "25394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25394" + }, + { + "name": "NetBSD-SA2008-001", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "26294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26294" + }, + { + "name": "26203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26203" + }, + { + "name": "GLSA-200705-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml" + }, + { + "name": "oval:org.mitre.oval:def:11012", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012" + }, + { + "name": "24146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24146" + }, + { + "name": "38498", + "refsource": "OSVDB", + "url": "http://osvdb.org/38498" + 
}, + { + "name": "USN-439-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-439-2" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2990.json b/2007/2xxx/CVE-2007-2990.json index 2453bffcc0e..f835ccea448 100644 --- a/2007/2xxx/CVE-2007-2990.json +++ b/2007/2xxx/CVE-2007-2990.json 
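Review bot: In the CVE-2007-2799 record the `ASSIGNER` field changes from `cve@mitre.org` to `secteam@freebsd.org`, the only value change in a hunk that otherwise rewrites `" : "` as `": "` and reorders the `reference_data` entries. The other records visible in this diff keep `cve@mitre.org`. Because the hunk replaces every line of the file, this provenance change is easy to miss, and nothing visible in the record (description, `affects`, references) explains it. If the reassignment is intended, it would be better made in its own commit with a message naming the new assigner; if it is a side effect of the formatting tool, the new side should keep `"ASSIGNER": "cve@mitre.org",`. Consumers that attribute or filter records by assigner will see this record move, so the change deserves an explicit confirmation rather than riding along with a whitespace pass.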
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102921", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1" - }, - { - "name" : "24213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24213" - }, - { - "name" : "ADV-2007-1984", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1984" - }, - { - "name" : "36585", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36585" - }, - { - "name" : "oval:org.mitre.oval:def:2032", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2032" - }, - { - "name" : "1018133", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1018133" - }, - { - "name" : "25450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25450" - }, - { - "name" : "solaris-inetd-dos(34577)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-inetd-dos(34577)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34577" + }, + { + "name": "102921", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1" + }, + { + "name": "36585", + "refsource": "OSVDB", + "url": "http://osvdb.org/36585" + }, + { + "name": "24213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24213" + }, + { + "name": "oval:org.mitre.oval:def:2032", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2032" + }, + { + "name": "25450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25450" + }, + { + "name": "ADV-2007-1984", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1984" + }, + { + "name": "1018133", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018133" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3447.json b/2007/3xxx/CVE-2007-3447.json index be3adfafe95..ad5d0fa4452 100644 
--- a/2007/3xxx/CVE-2007-3447.json +++ b/2007/3xxx/CVE-2007-3447.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the \"basic search box.\" NOTE: 4.0.2 and other versions might also be affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4103", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4103" - }, - { - "name" : "http://www.h4cky0u.org/viewtopic.php?t=26834", - "refsource" : "MISC", - "url" : "http://www.h4cky0u.org/viewtopic.php?t=26834" - }, - { - "name" : "24629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24629" - }, - { - "name" : "ADV-2007-2322", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2322" - }, - { - "name" : "38223", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38223" - }, - { - "name" : "25836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25836" - }, - { - "name" : 
"bugmallshoppingcart-search-sql-injection(35039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the \"basic search box.\" NOTE: 4.0.2 and other versions might also be affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4103", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4103" + }, + { + "name": "bugmallshoppingcart-search-sql-injection(35039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35039" + }, + { + "name": "http://www.h4cky0u.org/viewtopic.php?t=26834", + "refsource": "MISC", + "url": "http://www.h4cky0u.org/viewtopic.php?t=26834" + }, + { + "name": "38223", + "refsource": "OSVDB", + "url": "http://osvdb.org/38223" + }, + { + "name": "25836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25836" + }, + { + "name": "24629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24629" + }, + { + "name": "ADV-2007-2322", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2322" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3637.json b/2007/3xxx/CVE-2007-3637.json index b7ee1b13408..82645fdde1a 100644 --- a/2007/3xxx/CVE-2007-3637.json +++ b/2007/3xxx/CVE-2007-3637.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20070706 (no subject)", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" - }, - { - "name" : "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?", - "refsource" : "MISC", - "url" : "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" 
- }, - { - "name" : "24783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24783" - }, - { - "name" : "45801", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24783" + }, + { + "name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?", + "refsource": "MISC", + "url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?" + }, + { + "name": "45801", + "refsource": "OSVDB", + "url": "http://osvdb.org/45801" + }, + { + "name": "[dailydave] 20070706 (no subject)", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3753.json b/2007/3xxx/CVE-2007-3753.json index d963a110274..6f26e316cda 100644 --- a/2007/3xxx/CVE-2007-3753.json +++ b/2007/3xxx/CVE-2007-3753.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306586", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306586" - }, - { - "name" : "APPLE-SA-2007-09-27", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html" - }, - { - "name" : "25855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25855" - }, - { - "name" : "ADV-2007-3287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3287" - }, - { - "name" : "38538", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38538" - }, - { - "name" : "1018752", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1018752" - }, - { - "name" : "26983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26983" - }, - { - "name" : "iphone-bluetooth-server-code-execution(36844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2007-09-27", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306586", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306586" + }, + { + "name": "iphone-bluetooth-server-code-execution(36844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844" + }, + { + "name": "38538", + "refsource": "OSVDB", + "url": "http://osvdb.org/38538" + }, + { + "name": "26983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26983" + }, + { + "name": "25855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25855" + }, + { + "name": "ADV-2007-3287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3287" + }, + { + "name": "1018752", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018752" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/3xxx/CVE-2007-3962.json b/2007/3xxx/CVE-2007-3962.json index cee2e3d5dd0..d2895b38e9a 100644 --- a/2007/3xxx/CVE-2007-3962.json +++ b/2007/3xxx/CVE-2007-3962.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18", - "refsource" : "MISC", - "url" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18" - }, - { - "name" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22", - "refsource" : "MISC", - "url" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22" - }, - { - "name" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup", - "refsource" : "CONFIRM", - "url" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup" - }, - { - "name" 
: "http://bugs.gentoo.org/show_bug.cgi?id=188252", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=188252" - }, - { - "name" : "GLSA-200711-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-01.xml" - }, - { - "name" : "MDVSA-2008:018", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:018" - }, - { - "name" : "25034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25034" - }, - { - "name" : "38569", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38569" - }, - { - "name" : "38570", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38570" - }, - { - "name" : "26184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26184" - }, - { - "name" : "26378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26378" - }, - { - "name" : "27501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18", + "refsource": "MISC", + "url": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18" + }, + { + "name": "GLSA-200711-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-01.xml" + }, + { + "name": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22", + "refsource": "MISC", + "url": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=188252", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=188252" + }, + { + "name": "38569", + "refsource": "OSVDB", + "url": "http://osvdb.org/38569" + }, + { + "name": "25034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25034" + }, + { + "name": "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup", + "refsource": "CONFIRM", + "url": "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup" + }, + { + "name": "MDVSA-2008:018", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:018" + }, + { + "name": "26378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26378" + }, + { + "name": "38570", + "refsource": "OSVDB", + "url": "http://osvdb.org/38570" + }, + { + "name": "27501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27501" + }, + { + "name": "26184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26184" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6107.json b/2007/6xxx/CVE-2007-6107.json index bb9e84b5768..409128811eb 100644 --- a/2007/6xxx/CVE-2007-6107.json +++ b/2007/6xxx/CVE-2007-6107.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6262.json b/2007/6xxx/CVE-2007-6262.json index 0caedc9f354..b5a959be1d5 100644 --- a/2007/6xxx/CVE-2007-6262.json +++ b/2007/6xxx/CVE-2007-6262.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484563/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2035", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2035" - }, - { - "name" : "http://www.videolan.org/sa0703.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/sa0703.html" - }, - { - "name" : "26675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26675" - }, - { - "name" : 
"oval:org.mitre.oval:def:14280", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" - }, - { - "name" : "ADV-2007-4061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4061" - }, - { - "name" : "27878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27878" - }, - { - "name" : "3420", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3420" - }, - { - "name" : "vlcmediaplayer-activex-memory-overwrite(38816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vlcmediaplayer-activex-memory-overwrite(38816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" + }, + { + "name": "http://www.videolan.org/sa0703.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/sa0703.html" + }, + { + "name": "ADV-2007-4061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4061" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2035", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2035" + }, + { + "name": "oval:org.mitre.oval:def:14280", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" + }, + { + "name": "27878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27878" + }, + { + "name": "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded" + }, + { + "name": "26675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26675" + }, + { + "name": "3420", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3420" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0042.json b/2010/0xxx/CVE-2010-0042.json index 99696d8c775..4d5e4836ad4 100644 --- a/2010/0xxx/CVE-2010-0042.json +++ b/2010/0xxx/CVE-2010-0042.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4105", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4105" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - 
"name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-03-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "38677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38677" - }, - { - "name" : "oval:org.mitre.oval:def:7561", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561" - }, - { - "name" : "1023706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023706" - }, - { - "name" : "39135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39135" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "1023706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023706" + }, + { + "name": "39135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39135" + }, + { + "name": "38677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38677" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4105", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4105" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "oval:org.mitre.oval:def:7561", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-03-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0069.json b/2010/0xxx/CVE-2010-0069.json index 0767f5b98ca..940fb2467a0 100644 --- a/2010/0xxx/CVE-2010-0069.json +++ b/2010/0xxx/CVE-2010-0069.json 
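Review bot: The new `"ASSIGNER": "product-security@apple.com"` attributes this record to the vendor, yet the `affects` block in the same hunk still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`. The description names Apple Safari before 4.0.5 and iTunes before 9.1, so tooling that matches on the structured fields rather than the free text will not associate this entry with either product. Filling them from the description, for example `"vendor_name": "Apple"`, would make the record usable for automated matching. The CVE-2010-0069 hunk shows the same pattern with `secalert_us@oracle.com` and an all-`n/a` `affects` block. Separately, three `url` values here keep a doubled slash (`.../security-announce/2010//Mar/msg00001.html` and the two like it), carried over unchanged from the old side, which is worth normalising while the reference list is being rewritten.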
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "TA10-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "TA10-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1277.json b/2010/1xxx/CVE-2010-1277.json index 99fea54ece7..b657c5112a4 100644 --- a/2010/1xxx/CVE-2010-1277.json +++ b/2010/1xxx/CVE-2010-1277.json 
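Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` in a hunk whose other lines differ only in whitespace, so a change of record attribution is easy to miss in review. The same thing happens in the hunks for CVE-2010-1800 (`product-security@apple.com`), CVE-2014-0132 (`secalert@redhat.com`) and CVE-2014-0628 (`security_alert@emc.com`). Anything downstream that keys on the assigner to decide which CNA owns a record would see a different owner after this commit. These edits would be better carried in a commit of their own, with the reason stated in the message. Separately, the `affects` block still has `n/a` for vendor and product although the description names the WebLogic Server component, so product matching has to fall back to the description text.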
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100401 Zabbix <= 1.8.1 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510480/100/0/threaded" - }, - { - "name" : "20100401 Zabbix <= 1.8.1 SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html" - }, - { - "name" : "http://legalhackers.com/advisories/zabbix181api-sql.txt", - "refsource" : "MISC", - "url" : "http://legalhackers.com/advisories/zabbix181api-sql.txt" - }, - { - "name" : "http://legalhackers.com/poc/zabbix181api.pl-poc", - "refsource" : "MISC", - "url" : "http://legalhackers.com/poc/zabbix181api.pl-poc" - }, - { - "name" : "http://www.zabbix.com/rn1.8.2.php", - "refsource" : 
"MISC", - "url" : "http://www.zabbix.com/rn1.8.2.php" - }, - { - "name" : "39148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39148" - }, - { - "name" : "63456", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63456" - }, - { - "name" : "39119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39119" - }, - { - "name" : "ADV-2010-0799", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0799", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0799" + }, + { + "name": "http://legalhackers.com/advisories/zabbix181api-sql.txt", + "refsource": "MISC", + "url": "http://legalhackers.com/advisories/zabbix181api-sql.txt" + }, + { + "name": "63456", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63456" + }, + { + "name": "http://www.zabbix.com/rn1.8.2.php", + "refsource": "MISC", + "url": "http://www.zabbix.com/rn1.8.2.php" + }, + { + "name": "20100401 Zabbix <= 1.8.1 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510480/100/0/threaded" + }, + { + "name": "39148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39148" + }, + { + "name": "20100401 Zabbix <= 1.8.1 SQL Injection", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html" + }, + { + "name": 
"http://legalhackers.com/poc/zabbix181api.pl-poc", + "refsource": "MISC", + "url": "http://legalhackers.com/poc/zabbix181api.pl-poc" + }, + { + "name": "39119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39119" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1319.json b/2010/1xxx/CVE-2010-1319.json index 25889ccbeda..c2a631bc8a3 100644 --- a/2010/1xxx/CVE-2010-1319.json +++ b/2010/1xxx/CVE-2010-1319.json 
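Review bot: The nine `reference_data` entries come back in a different order on the new side with none added, removed or altered, so the size of this hunk overstates what actually changed. The new order does not follow any visible key (`refsource`, `name` or `url`), which suggests the serializer's output order is not stable, though the generator is not shown here. Sorting entries by `refsource` and then `name` before writing would keep later diffs limited to real changes. The hunks for CVE-2010-1319, CVE-2010-1614, CVE-2010-1800, CVE-2010-5009, CVE-2010-5297 and CVE-2014-0132 show the same reordering. Every file on the page also loses its final newline (`\ No newline at end of file`), which the same serializer could restore.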
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf" - }, - { - "name" : "39490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39490" - }, - { - "name" : "39279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39279" - }, - { - "name" : "ADV-2010-0889", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39490" + }, + { + "name": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf", + "refsource": "CONFIRM", + "url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf" + }, + { + "name": "39279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39279" + }, + { + "name": "ADV-2010-0889", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0889" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1614.json b/2010/1xxx/CVE-2010-1614.json index 847b6fbc6f6..b5d265c405b 100644 --- a/2010/1xxx/CVE-2010-1614.json +++ b/2010/1xxx/CVE-2010-1614.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moodle.org/security/", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/security/" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "http://moodle.org/security/", + "refsource": "CONFIRM", + "url": "http://moodle.org/security/" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1800.json b/2010/1xxx/CVE-2010-1800.json index 1cf5cb66aea..50cdcd26a6e 100644 --- a/2010/1xxx/CVE-2010-1800.json +++ b/2010/1xxx/CVE-2010-1800.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4312", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4312" - }, - { - "name" : "APPLE-SA-2010-08-24-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" - }, - { - "name" : "1024359", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a 
connection and obtain sensitive information via crafted responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024359", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024359" + }, + { + "name": "APPLE-SA-2010-08-24-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4312", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4312" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5009.json b/2010/5xxx/CVE-2010-5009.json index 900c773763b..f3dc7da1a0f 100644 --- a/2010/5xxx/CVE-2010-5009.json +++ b/2010/5xxx/CVE-2010-5009.json 
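Review bot: The APPLE reference URL on the new side still contains a doubled slash (`/security-announce/2010//Aug/msg00003.html`), carried over unchanged from the old side. Another record on this page cites the same archive with both a single-slash and a doubled-slash path, so the doubled slash looks like an artefact rather than part of the path, though that is an inference. Tools that deduplicate or match references by exact URL string will treat the two forms as different links. Collapsing `2010//Aug` to `2010/Aug` would make the entry consistent, once the single-slash URL is confirmed to resolve.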
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13854", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13854" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt" - }, - { - "name" : "40836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40836" - }, - { - "name" : "8506", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8506" - }, - { - "name" : "ADV-2010-1465", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1465" - }, - { - "name" : "utstats-index-sql-injection(59402)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8506", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8506" + }, + { + "name": "utstats-index-sql-injection(59402)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59402" + }, + { + "name": "ADV-2010-1465", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1465" + }, + { + "name": "13854", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13854" + }, + { + "name": "40836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40836" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5247.json b/2010/5xxx/CVE-2010-5247.json index 45daa6de627..76fa69f9ad7 100644 --- a/2010/5xxx/CVE-2010-5247.json +++ b/2010/5xxx/CVE-2010-5247.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100828 QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0386.html" - }, - { - "name" : "41201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan 
horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100828 QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0386.html" + }, + { + "name": "41201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41201" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5297.json b/2010/5xxx/CVE-2010-5297.json index 9d3ed2a5b18..260232a5f9c 100644 --- a/2010/5xxx/CVE-2010-5297.json +++ b/2010/5xxx/CVE-2010-5297.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress before 3.0.1, when a Multisite installation is used, permanently retains the \"site administrators can add users\" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codex.wordpress.org/Changelog/3.0.1", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Changelog/3.0.1" - }, - { - "name" : "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/15342", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/15342" - }, - { - "name" : 
"https://core.trac.wordpress.org/ticket/14119", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/ticket/14119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 3.0.1, when a Multisite installation is used, permanently retains the \"site administrators can add users\" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codex.wordpress.org/Changelog/3.0.1", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Changelog/3.0.1" + }, + { + "name": "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed" + }, + { + "name": "https://core.trac.wordpress.org/ticket/14119", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/ticket/14119" + }, + { + "name": "https://core.trac.wordpress.org/changeset/15342", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/15342" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0132.json b/2014/0xxx/CVE-2014-0132.json index 308302bf2c3..994038b38d4 100644 --- a/2014/0xxx/CVE-2014-0132.json +++ b/2014/0xxx/CVE-2014-0132.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/" - }, - { - "name" : "https://fedorahosted.org/389/ticket/47739", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/389/ticket/47739" - }, - { - "name" : "RHSA-2014:0292", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0292.html" - }, - { - "name" : "57412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57412" - }, - { - "name" : "57427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57427" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/" + }, + { + "name": "57427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57427" + }, + { + "name": "RHSA-2014:0292", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0292.html" + }, + { + "name": "57412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57412" + }, + { + "name": "https://fedorahosted.org/389/ticket/47739", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/389/ticket/47739" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0628.json b/2014/0xxx/CVE-2014-0628.json index afd22755b34..2a9a5db7194 100644 --- a/2014/0xxx/CVE-2014-0628.json +++ b/2014/0xxx/CVE-2014-0628.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140324 ESA-2014-011: RSA BSAFE Micro Edition Suite Server Crash Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140324 ESA-2014-011: RSA BSAFE Micro Edition Suite Server Crash Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0943.json b/2014/0xxx/CVE-2014-0943.json index 1db859350b2..f3b8f64ef63 100644 --- a/2014/0xxx/CVE-2014-0943.json +++ b/2014/0xxx/CVE-2014-0943.json 
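Review bot: The one substantive edit in this hunk, `"ASSIGNER": "security_alert@emc.com"` replacing `cve@mitre.org` under `CVE_data_meta`, arrives in a change that also rewrites every other line of the record for colon spacing and indentation, so the diff alone cannot confirm that nothing else in the record changed. ASSIGNER is the record's provenance field, and it would be easier to audit if the formatting pass and the data change were separate commits. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change on the next edit. The same applies to the other hunks on this page that change ASSIGNER (CVE-2014-0132, CVE-2014-0943, CVE-2014-1378, CVE-2014-1527, CVE-2014-1752, CVE-2014-4110, CVE-2015-2721), several of which also reorder `reference_data` while, as far as the visible lines show, leaving the entries themselves unchanged.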
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671377", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671377" - }, - { - "name" : "JR49881", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49881" - }, - { - "name" : "JR49996", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49996" - }, - { - "name" : "1030284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030284" - }, - { - "name" : "ibm-websphere-cve20140943-dos(92402)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/92402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671377", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671377" + }, + { + "name": "JR49881", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49881" + }, + { + "name": "1030284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030284" + }, + { + "name": "JR49996", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49996" + }, + { + "name": "ibm-websphere-cve20140943-dos(92402)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92402" + } + ] + } +} \ No newline at end of file diff --git a/2014/100xxx/CVE-2014-100027.json b/2014/100xxx/CVE-2014-100027.json index c528444ea47..329e858d934 100644 --- a/2014/100xxx/CVE-2014-100027.json +++ b/2014/100xxx/CVE-2014-100027.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/getusedtoit/wp-slimstat/issues/3", - "refsource" : "CONFIRM", - "url" : "https://github.com/getusedtoit/wp-slimstat/issues/3" - }, - { - "name" : "66146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66146" - }, - { - "name" : "57305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57305" - }, - { - "name" : "wpslimstat-wordpress-xss(91840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 
3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wpslimstat-wordpress-xss(91840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91840" + }, + { + "name": "https://github.com/getusedtoit/wp-slimstat/issues/3", + "refsource": "CONFIRM", + "url": "https://github.com/getusedtoit/wp-slimstat/issues/3" + }, + { + "name": "57305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57305" + }, + { + "name": "66146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66146" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1378.json b/2014/1xxx/CVE-2014-1378.json index 2a27506cd7b..5648f66a260 100644 --- a/2014/1xxx/CVE-2014-1378.json +++ b/2014/1xxx/CVE-2014-1378.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6296", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6296" - }, - { - "name" : "APPLE-SA-2014-06-30-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" - }, - { - "name" : "1030505", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6296", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6296" + }, + { + "name": "1030505", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030505" + }, + { + "name": "APPLE-SA-2014-06-30-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1527.json b/2014/1xxx/CVE-2014-1527.json index e792279afb5..b2e2e9ec5c5 100644 --- a/2014/1xxx/CVE-2014-1527.json +++ b/2014/1xxx/CVE-2014-1527.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=960146", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=960146" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "FEDORA-2014-5829", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" - }, - { - "name" : "1030163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=960146", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=960146" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html" + }, + { + "name": "1030163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030163" + }, + { + "name": "FEDORA-2014-5829", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1752.json b/2014/1xxx/CVE-2014-1752.json index 895940e1ab1..2050ab76319 100644 --- a/2014/1xxx/CVE-2014-1752.json +++ b/2014/1xxx/CVE-2014-1752.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + 
"name": "MS14-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4110.json b/2014/4xxx/CVE-2014-4110.json index 078f30936db..38e15618de9 100644 --- a/2014/4xxx/CVE-2014-4110.json +++ b/2014/4xxx/CVE-2014-4110.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" - }, - { - "name" : "69616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69616" - }, - { - "name" : "1030818", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030818", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030818" + }, + { + "name": "MS14-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" + }, + { + "name": "69616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69616" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2721.json b/2015/2xxx/CVE-2015-2721.json index c42edfa46dd..8a974684dc4 100644 --- a/2015/2xxx/CVE-2015-2721.json +++ b/2015/2xxx/CVE-2015-2721.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-2721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://smacktls.com", - "refsource" : "MISC", - "url" : "https://smacktls.com" - }, - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145" - }, - { - "name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes", - "refsource" : "CONFIRM", - "url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - 
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3324", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3324" - }, - { - "name" : "DSA-3336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3336" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "GLSA-201701-46", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-46" - }, - { - "name" : "RHSA-2015:1664", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1664.html" - }, - { - "name" : "RHSA-2015:1185", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1185.html" - }, - { - "name" : "SUSE-SU-2015:1268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:1269", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:1229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" - }, - { - "name" : "USN-2673-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2673-1" - }, - { - "name" : "USN-2656-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2656-1" - }, - { - "name" : "USN-2672-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2672-1" - }, - { - "name" : "USN-2656-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-2" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "75541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75541" - }, - { - "name" : "83398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83398" - }, - { - "name" : "1032783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032783" - }, - { - "name" : "1032784", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "openSUSE-SU-2015:1229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" + }, + { + "name": "SUSE-SU-2015:1268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" + }, + { + "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes", + "refsource": "CONFIRM", + "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes" + }, + { + "name": "83398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83398" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "GLSA-201701-46", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-46" + }, + { + "name": "DSA-3336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3336" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "75541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75541" + }, + { + "name": "RHSA-2015:1185", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "DSA-3324", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3324" + }, + { + "name": "USN-2672-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2672-1" + }, + { + "name": "USN-2673-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2673-1" + }, + { + "name": "1032784", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032784" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145" + }, + { + "name": "SUSE-SU-2015:1269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "RHSA-2015:1664", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html" + }, + { + "name": "USN-2656-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-1" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "https://smacktls.com", + "refsource": "MISC", + "url": "https://smacktls.com" + }, + { + "name": "1032783", + 
"refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032783" + }, + { + "name": "USN-2656-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10317.json b/2016/10xxx/CVE-2016-10317.json index eee260acf35..ae61b2de7ca 100644 --- a/2016/10xxx/CVE-2016-10317.json +++ b/2016/10xxx/CVE-2016-10317.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697459", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697459" - }, - { - "name" : "USN-3636-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3636-1/" - }, - { - "name" : "97410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. 
Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697459", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697459" + }, + { + "name": "USN-3636-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3636-1/" + }, + { + "name": "97410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97410" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10408.json b/2016/10xxx/CVE-2016-10408.json index 749fffc6e72..5e3fde590f6 100644 --- a/2016/10xxx/CVE-2016-10408.json +++ b/2016/10xxx/CVE-2016-10408.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-10408",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10408",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10535.json b/2016/10xxx/CVE-2016-10535.json
index 30dba718391..2ad1029a4e0 100644
--- a/2016/10xxx/CVE-2016-10535.json
+++ b/2016/10xxx/CVE-2016-10535.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "csrf-lite node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Timing Discrepancy (CWE-208)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "csrf-lite node module", + "version": { + "version_data": [ + { + "version_value": "<=0.1.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/isaacs/csrf-lite/pull/1", - "refsource" : "MISC", - "url" : "https://github.com/isaacs/csrf-lite/pull/1" - }, - { - "name" : "https://nodesecurity.io/advisories/94", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/94" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through Timing Discrepancy (CWE-208)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/94", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/94" + }, + { + "name": "https://github.com/isaacs/csrf-lite/pull/1", + "refsource": "MISC", + "url": "https://github.com/isaacs/csrf-lite/pull/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3027.json b/2016/3xxx/CVE-2016-3027.json index c9b2c90f739..d2e686326a6 100644 --- a/2016/3xxx/CVE-2016-3027.json +++ b/2016/3xxx/CVE-2016-3027.json 
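Review bot: The `reference_data` array comes out in a different order on the new side (`https://nodesecurity.io/advisories/94` now precedes `https://github.com/isaacs/csrf-lite/pull/1`) with no sort key evident in the result, and the CVE-2016-9159, CVE-2016-9310, CVE-2016-9337, CVE-2016-9479 and CVE-2016-9921 hunks are shuffled the same way. JSON arrays are ordered, so this is a data change riding on a whitespace reformat, and an unstable order would make each later regeneration of these records show up as a diff. If the order comes from the tool that rewrote the files (not visible here), emitting references in a deterministic order, for example sorted by `url`, would keep future diffs limited to real changes. The new side also ends with `\ No newline at end of file` where the old file had a trailing newline.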
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21994440", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21994440" - }, - { - "name" : "96127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21994440", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21994440" + }, + { + "name": "96127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96127" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3730.json b/2016/3xxx/CVE-2016-3730.json index e55ae463928..9f5b4f3d66d 100644 --- a/2016/3xxx/CVE-2016-3730.json +++ b/2016/3xxx/CVE-2016-3730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9046.json b/2016/9xxx/CVE-2016-9046.json index 74919e4d764..165fcce66fd 100644 --- a/2016/9xxx/CVE-2016-9046.json +++ b/2016/9xxx/CVE-2016-9046.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-9046",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-9046",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/9xxx/CVE-2016-9159.json b/2016/9xxx/CVE-2016-9159.json
index d1d1911f4b6..12291909c06 100644
--- a/2016/9xxx/CVE-2016-9159.json
+++ b/2016/9xxx/CVE-2016-9159.json
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2016-9159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family", - "version" : { - "version_data" : [ - { - "version_value" : "SIMATIC S7-300 CPU family : All versions" - }, - { - "version_value" : "SIMATIC S7-400 V6 and earlier CPU family : All versions" - }, - { - "version_value" : "SIMATIC S7-400 V7 CPU family : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200: Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2016-9159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family", + "version": { + "version_data": [ + { + "version_value": "SIMATIC S7-300 CPU family : All versions" + }, + { + "version_value": "SIMATIC S7-400 V6 and earlier CPU family : All versions" + }, + { + "version_value": "SIMATIC S7-400 V7 CPU family : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05" - }, - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf" - }, - { - "name" : "94820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94820" - }, - { - "name" : "1037434", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94820" + }, + { + "name": "1037434", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037434" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9310.json b/2016/9xxx/CVE-2016-9310.json index e57b8f8a7d8..e6007714961 100644 --- a/2016/9xxx/CVE-2016-9310.json +++ b/2016/9xxx/CVE-2016-9310.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nwtime.org/ntp428p9_release/", - "refsource" : "CONFIRM", - "url" : "http://nwtime.org/ntp428p9_release/" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3118", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/NtpBug3118" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa139", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa139" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", - 
"refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us" - }, - { - "name" : "FreeBSD-SA-16:39", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc" - }, - { - "name" : "RHSA-2017:0252", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0252.html" - }, - { - "name" : "USN-3707-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3707-2/" - }, - { - "name" : "VU#633847", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/633847" - }, - { - "name" : "94452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94452" - }, - { - "name" : "1037354", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3118", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3118" + }, + { + "name": "USN-3707-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3707-2/" + }, + { + "name": "94452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94452" + }, + { + "name": "RHSA-2017:0252", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html" + }, + { + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities" + }, + { + "name": "http://nwtime.org/ntp428p9_release/", + "refsource": "CONFIRM", + "url": "http://nwtime.org/ntp428p9_release/" + }, + { + "name": "VU#633847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/633847" + }, + { + "name": "1037354", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037354" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa139", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa139" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us" + }, + { + "name": "FreeBSD-SA-16:39", + "refsource": "FREEBSD", + "url": 
"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9337.json b/2016/9xxx/CVE-2016-9337.json index e5fad7b0897..9469bcf3e26 100644 --- a/2016/9xxx/CVE-2016-9337.json +++ b/2016/9xxx/CVE-2016-9337.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tesla Gateway ECU on Model S automobile", - "version" : { - "version_data" : [ - { - "version_value" : "Tesla Gateway ECU on Model S automobile" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Tesla Gateway ECU Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tesla Gateway ECU on Model S automobile", + "version": { + "version_data": [ + { + "version_value": "Tesla Gateway ECU on Model S automobile" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01" - }, - { - "name" : "94697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tesla Gateway ECU Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94697" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9479.json b/2016/9xxx/CVE-2016-9479.json index 5942bb0b658..80208fcd29b 100644 --- a/2016/9xxx/CVE-2016-9479.json +++ b/2016/9xxx/CVE-2016-9479.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"lost password\" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://b2evolution.net/downloads/6-7-9-stable", - "refsource" : "CONFIRM", - "url" : "http://b2evolution.net/downloads/6-7-9-stable" - }, - { - "name" : "https://github.com/b2evolution/b2evolution/issues/33", - "refsource" : "CONFIRM", - "url" : "https://github.com/b2evolution/b2evolution/issues/33" - }, - { - "name" : "95006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95006" - }, - { - "name" : "1037393", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"lost password\" functionality in b2evolution before 6.7.9 allows remote attackers to 
reset arbitrary user passwords via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://b2evolution.net/downloads/6-7-9-stable", + "refsource": "CONFIRM", + "url": "http://b2evolution.net/downloads/6-7-9-stable" + }, + { + "name": "1037393", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037393" + }, + { + "name": "https://github.com/b2evolution/b2evolution/issues/33", + "refsource": "CONFIRM", + "url": "https://github.com/b2evolution/b2evolution/issues/33" + }, + { + "name": "95006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95006" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9921.json b/2016/9xxx/CVE-2016-9921.json index 87aab97c9f5..05517b204d0 100644 --- a/2016/9xxx/CVE-2016-9921.json +++ b/2016/9xxx/CVE-2016-9921.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/09/1" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "GLSA-201701-49", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-49" - }, - { - "name" : "RHSA-2017:2392", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:2392" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "94803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "RHSA-2017:2392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2392" + }, + { + "name": "GLSA-201701-49", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-49" + }, + { + "name": "94803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94803" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2408" + }, + { + "name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/09/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2745.json b/2019/2xxx/CVE-2019-2745.json index 55003d5817d..53d16f78ae1 100644 
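Review bot: `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, the only value change among the hunks visible here, which otherwise alter only spacing and reference order. The field records which CNA owns the record, so the change deserves its own commit, or at least a line in the commit message, so that it can be audited and reverted independently of the bulk reformat. Tooling that attributes or routes records by assigner (if any consumes this file) would otherwise pick up the new value with no reviewable trace of why it changed.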
--- a/2019/2xxx/CVE-2019-2745.json
+++ b/2019/2xxx/CVE-2019-2745.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2745",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2745",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2805.json b/2019/2xxx/CVE-2019-2805.json
index c118a9b7086..8a4389b5071 100644
--- a/2019/2xxx/CVE-2019-2805.json
+++ b/2019/2xxx/CVE-2019-2805.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2805",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2805",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2903.json b/2019/2xxx/CVE-2019-2903.json
index 6e42471d32a..ba35cc1293e 100644
--- a/2019/2xxx/CVE-2019-2903.json
+++ b/2019/2xxx/CVE-2019-2903.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2903",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2903",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6315.json b/2019/6xxx/CVE-2019-6315.json
index a38867e419d..0c5a152d486 100644
--- a/2019/6xxx/CVE-2019-6315.json
+++ b/2019/6xxx/CVE-2019-6315.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6315",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6315",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6422.json b/2019/6xxx/CVE-2019-6422.json
index 57c1d5f2cc8..ee52ee75207 100644
--- a/2019/6xxx/CVE-2019-6422.json
+++ b/2019/6xxx/CVE-2019-6422.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6422",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6422",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6500.json b/2019/6xxx/CVE-2019-6500.json
index 34516fa3fd1..28ba5d67ed8 100644
--- a/2019/6xxx/CVE-2019-6500.json
+++ b/2019/6xxx/CVE-2019-6500.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md", - "refsource" : "MISC", - "url" : "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md" - }, - { - "name" : "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html", - "refsource" : "MISC", - "url" : "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md", + "refsource": "MISC", + "url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md" + }, + { + "name": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html", + "refsource": "MISC", + "url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6735.json b/2019/6xxx/CVE-2019-6735.json index 652d89e9779..48cc235bc34 100644 --- a/2019/6xxx/CVE-2019-6735.json +++ b/2019/6xxx/CVE-2019-6735.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6735",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6735",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6928.json b/2019/6xxx/CVE-2019-6928.json
index 81131604ca1..1d7f7839c51 100644
--- a/2019/6xxx/CVE-2019-6928.json
+++ b/2019/6xxx/CVE-2019-6928.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6928",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6928",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7877.json b/2019/7xxx/CVE-2019-7877.json
index 1e5ccaa62a0..4eda3c1163c 100644
--- a/2019/7xxx/CVE-2019-7877.json
+++ b/2019/7xxx/CVE-2019-7877.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7877",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7877",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file