From b953c537e6ad61484ec642e12229cc37d8d6c540 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:35:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5173.json | 220 ++++++------ 2006/5xxx/CVE-2006-5202.json | 190 +++++----- 2006/5xxx/CVE-2006-5733.json | 170 ++++----- 2006/5xxx/CVE-2006-5797.json | 190 +++++----- 2007/2xxx/CVE-2007-2089.json | 160 ++++----- 2007/2xxx/CVE-2007-2442.json | 640 ++++++++++++++++----------------- 2007/2xxx/CVE-2007-2607.json | 160 ++++----- 2007/3xxx/CVE-2007-3018.json | 180 +++++----- 2007/3xxx/CVE-2007-3199.json | 180 +++++----- 2007/6xxx/CVE-2007-6185.json | 170 ++++----- 2007/6xxx/CVE-2007-6450.json | 340 +++++++++--------- 2007/6xxx/CVE-2007-6461.json | 150 ++++---- 2010/0xxx/CVE-2010-0051.json | 340 +++++++++--------- 2010/0xxx/CVE-2010-0403.json | 220 ++++++------ 2010/0xxx/CVE-2010-0565.json | 180 +++++----- 2010/0xxx/CVE-2010-0960.json | 190 +++++----- 2010/1xxx/CVE-2010-1115.json | 140 ++++---- 2010/1xxx/CVE-2010-1168.json | 290 +++++++-------- 2010/1xxx/CVE-2010-1453.json | 160 ++++----- 2010/1xxx/CVE-2010-1630.json | 160 ++++----- 2010/1xxx/CVE-2010-1747.json | 34 +- 2010/1xxx/CVE-2010-1930.json | 200 +++++------ 2010/5xxx/CVE-2010-5013.json | 180 +++++----- 2010/5xxx/CVE-2010-5102.json | 220 ++++++------ 2010/5xxx/CVE-2010-5105.json | 160 ++++----- 2014/0xxx/CVE-2014-0318.json | 140 ++++---- 2014/0xxx/CVE-2014-0459.json | 240 ++++++------- 2014/0xxx/CVE-2014-0543.json | 160 ++++----- 2014/0xxx/CVE-2014-0679.json | 120 +++---- 2014/0xxx/CVE-2014-0956.json | 140 ++++---- 2014/10xxx/CVE-2014-10068.json | 142 ++++---- 2014/1xxx/CVE-2014-1214.json | 34 +- 2014/1xxx/CVE-2014-1596.json | 34 +- 2014/1xxx/CVE-2014-1634.json | 34 +- 2014/1xxx/CVE-2014-1800.json | 140 ++++---- 2014/4xxx/CVE-2014-4155.json | 140 ++++---- 2014/4xxx/CVE-2014-4376.json | 160 ++++----- 2014/4xxx/CVE-2014-4410.json | 230 ++++++------ 2014/4xxx/CVE-2014-4870.json | 120 +++---- 2014/5xxx/CVE-2014-5082.json | 130 +++---- 2016/10xxx/CVE-2016-10432.json | 132 +++---- 2016/3xxx/CVE-2016-3175.json | 34 +- 2016/3xxx/CVE-2016-3304.json | 150 ++++---- 2016/3xxx/CVE-2016-3504.json | 150 ++++---- 2016/3xxx/CVE-2016-3785.json | 34 +- 2016/7xxx/CVE-2016-7466.json | 200 +++++------ 2016/7xxx/CVE-2016-7892.json | 190 +++++----- 2016/8xxx/CVE-2016-8073.json | 34 +- 2016/8xxx/CVE-2016-8131.json | 34 +- 2016/8xxx/CVE-2016-8596.json | 130 +++---- 2016/8xxx/CVE-2016-8926.json | 150 ++++---- 2016/9xxx/CVE-2016-9107.json | 160 ++++----- 2016/9xxx/CVE-2016-9431.json | 160 ++++----- 2016/9xxx/CVE-2016-9744.json | 34 +- 2019/2xxx/CVE-2019-2129.json | 34 +- 2019/2xxx/CVE-2019-2516.json | 34 +- 2019/2xxx/CVE-2019-2855.json | 34 +- 2019/6xxx/CVE-2019-6533.json | 122 +++---- 2019/6xxx/CVE-2019-6919.json | 34 +- 59 files changed, 4519 insertions(+), 4519 deletions(-) diff --git a/2006/5xxx/CVE-2006-5173.json b/2006/5xxx/CVE-2006-5173.json index 7cd65dad52a..dfd62c45021 100644 --- a/2006/5xxx/CVE-2006-5173.json +++ b/2006/5xxx/CVE-2006-5173.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826" - }, - { - "name" : "MDKSA-2007:002", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:002" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-395-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-395-1" - }, - { - "name" : "21851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21851" - }, - { - "name" : "23361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23361" - }, - { - "name" : "23384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23384" - }, - { - "name" : "23593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23593" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "23361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23361" + }, + { + "name": "23593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23593" + }, + { + "name": "23384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23384" + }, + { + "name": "21851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21851" + }, + { + "name": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826", + "refsource": "CONFIRM", + "url": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "MDKSA-2007:002", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:002" + }, + { + "name": "USN-395-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-395-1" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5202.json b/2006/5xxx/CVE-2006-5202.json index e1c231a6020..fffec747304 100644 --- a/2006/5xxx/CVE-2006-5202.json +++ b/2006/5xxx/CVE-2006-5202.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060804 linksys WRT54g authentication bypass", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html" - }, - { - "name" : "5926", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5926" - }, - { - "name" : "https://kinqpinz.info/lib/wrt54g/", - "refsource" : "MISC", - "url" : "https://kinqpinz.info/lib/wrt54g/" - }, - { - "name" : "https://kinqpinz.info/lib/wrt54g/own2.txt", - "refsource" : "MISC", - "url" : "https://kinqpinz.info/lib/wrt54g/own2.txt" - }, - { - "name" : "VU#930364", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/930364" - }, - { - "name" : "19347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19347" - }, - { - "name" : "1016638", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016638" - }, - { - "name" : "21372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19347" + }, + { + "name": "https://kinqpinz.info/lib/wrt54g/", + "refsource": "MISC", + "url": "https://kinqpinz.info/lib/wrt54g/" + }, + { + "name": "20060804 linksys WRT54g authentication bypass", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html" + }, + { + "name": "5926", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5926" + }, + { + "name": "https://kinqpinz.info/lib/wrt54g/own2.txt", + "refsource": "MISC", + "url": "https://kinqpinz.info/lib/wrt54g/own2.txt" + }, + { + "name": "VU#930364", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/930364" + }, + { + "name": "21372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21372" + }, + { + "name": "1016638", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016638" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5733.json b/2006/5xxx/CVE-2006-5733.json index 80c62a818aa..7192072f206 100644 --- a/2006/5xxx/CVE-2006-5733.json +++ b/2006/5xxx/CVE-2006-5733.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2707", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2707" - }, - { - "name" : "http://community.postnuke.com/Article2787.htm", - "refsource" : "CONFIRM", - "url" : "http://community.postnuke.com/Article2787.htm" - }, - { - "name" : "20897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20897" - }, - { - "name" : "21218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21218" - }, - { - "name" : "22983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22983" - }, - { - "name" : "postnuke-pnapi-file-include(29992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2707", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2707" + }, + { + "name": "22983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22983" + }, + { + "name": "21218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21218" + }, + { + "name": "http://community.postnuke.com/Article2787.htm", + "refsource": "CONFIRM", + "url": "http://community.postnuke.com/Article2787.htm" + }, + { + "name": "postnuke-pnapi-file-include(29992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29992" + }, + { + "name": "20897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20897" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5797.json b/2006/5xxx/CVE-2006-5797.json index 36215361195..a535ad5dc53 100644 --- a/2006/5xxx/CVE-2006-5797.json +++ b/2006/5xxx/CVE-2006-5797.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061104 Xenis.creator CMS - Multiple Cross", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116266150514762&w=2" - }, - { - "name" : "20061104 Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116267021732120&w=2" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31" - }, - { - "name" : "20908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20908" - }, - { - "name" : "ADV-2006-4470", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4470" - }, - { - "name" : "1017162", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017162" - }, - { - "name" : "22716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22716" - }, - { - "name" : "xeniscreatorcms-default-sql-injection(30017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22716" + }, + { + "name": "20908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20908" + }, + { + "name": "20061104 Xenis.creator CMS - Multiple Cross", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116266150514762&w=2" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls31" + }, + { + "name": "xeniscreatorcms-default-sql-injection(30017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30017" + }, + { + "name": "20061104 Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116267021732120&w=2" + }, + { + "name": "ADV-2006-4470", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4470" + }, + { + "name": "1017162", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017162" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2089.json b/2007/2xxx/CVE-2007-2089.json index 4fcc4f3b21a..e7156e33669 100644 --- a/2007/2xxx/CVE-2007-2089.json +++ b/2007/2xxx/CVE-2007-2089.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070415 Mambo/Joomla Component New Article Component RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466059/100/0/threaded" - }, - { - "name" : "3736", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3736" - }, - { - "name" : "23513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23513" - }, - { - "name" : "ADV-2007-1394", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1394" - }, - { - "name" : "newarticle-comarticles-file-include(33663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3736", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3736" + }, + { + "name": "newarticle-comarticles-file-include(33663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33663" + }, + { + "name": "23513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23513" + }, + { + "name": "20070415 Mambo/Joomla Component New Article Component RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466059/100/0/threaded" + }, + { + "name": "ADV-2007-1394", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1394" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2442.json b/2007/2xxx/CVE-2007-2442.json index 9a52de45648..8e9888ad468 100644 --- a/2007/2xxx/CVE-2007-2442.json +++ b/2007/2xxx/CVE-2007-2442.json @@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472288/100/0/threaded" - }, - { - "name" : "20070628 FLEA-2007-0029-1: krb5 krb5-workstation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472432/100/0/threaded" - }, - { - "name" : "20070629 TSLSA-2007-0021 - kerberos5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472507/30/5970/threaded" - }, - { - "name" : "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" - }, - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1499", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1499" - }, - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "DSA-1323", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1323" - }, - { - "name" : "GLSA-200707-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200707-11.xml" - }, - { - "name" : "HPSBUX02544", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427" - }, - { - "name" : "SSRT100107", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427" - }, - { - "name" : "MDKSA-2007:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:137" - }, - { - "name" : "RHSA-2007:0384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0384.html" - }, - { - "name" : "RHSA-2007:0562", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0562.html" - }, - { - "name" : "20070602-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc" - }, - { - "name" : "102914", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1" - }, - { - "name" : "SUSE-SA:2007:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_38_krb5.html" - }, - { - "name" : "2007-0021", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0021/" - }, - { - "name" : "USN-477-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-477-1" - }, - { - "name" : "VU#356961", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/356961" - }, - { - "name" : "TA07-177A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-177A.html" - }, - { - "name" : "24655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24655" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "36596", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36596" - }, - { - "name" : "oval:org.mitre.oval:def:10631", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10631" - }, - { - "name" : "oval:org.mitre.oval:def:7344", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7344" - }, - { - "name" : "40346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40346" - }, - { - "name" : "ADV-2007-2337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2337" - }, - { - "name" : "ADV-2007-2354", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2354" - }, - { - "name" : "ADV-2007-2491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2491" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "ADV-2007-3229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3229" - }, - { - "name" : "1018293", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018293" - }, - { - "name" : "25821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25821" - }, - { - "name" : "25870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25870" - }, - { - "name" : "25890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25890" - }, - { - "name" : "25894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25894" - }, - { - "name" : "25800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25800" - }, - { - "name" : "25801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25801" - }, - { - "name" : "25814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25814" - }, - { - "name" : "25841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25841" - }, - { - "name" : "25888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25888" - }, - { - "name" : "25911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25911" - }, - { - "name" : "26228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26228" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - }, - { - "name" : "26033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26033" - }, - { - "name" : "26909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26909" - }, - { - "name" : "27706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27706" - }, - { - "name" : "ADV-2010-1574", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1574" - }, - { - "name" : "kerberos-gssrpcsvcauthgssapi-code-execution(35082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" + }, + { + "name": "kerberos-gssrpcsvcauthgssapi-code-execution(35082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35082" + }, + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "25894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25894" + }, + { + "name": "oval:org.mitre.oval:def:10631", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10631" + }, + { + "name": "25801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25801" + }, + { + "name": "USN-477-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-477-1" + }, + { + "name": "VU#356961", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/356961" + }, + { + "name": "ADV-2007-3229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3229" + }, + { + "name": "20070629 TSLSA-2007-0021 - kerberos5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472507/30/5970/threaded" + }, + { + "name": "25911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25911" + }, + { + "name": "25888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25888" + }, + { + "name": "36596", + "refsource": "OSVDB", + "url": "http://osvdb.org/36596" + }, + { + "name": "RHSA-2007:0384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0384.html" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.html" + }, + { + "name": "25890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25890" + }, + { + "name": "ADV-2007-2337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2337" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "ADV-2007-2491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2491" + }, + { + "name": "26228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26228" + }, + { + "name": "ADV-2010-1574", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1574" + }, + { + "name": "oval:org.mitre.oval:def:7344", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7344" + }, + { + "name": "26033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26033" + }, + { + "name": "GLSA-200707-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200707-11.xml" + }, + { + "name": "25800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25800" + }, + { + "name": "SSRT100107", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427" + }, + { + "name": "1018293", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018293" + }, + { + "name": "DSA-1323", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1323" + }, + { + "name": "2007-0021", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0021/" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt" + }, + { + "name": "TA07-177A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-177A.html" + }, + { + "name": "SUSE-SA:2007:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_38_krb5.html" + }, + { + "name": "25870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25870" + }, + { + "name": "MDKSA-2007:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:137" + }, + { + "name": "26909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26909" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1499", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1499" + }, + { + "name": "27706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27706" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "ADV-2007-2354", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2354" + }, + { + "name": "RHSA-2007:0562", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0562.html" + }, + { + "name": "HPSBUX02544", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt" + }, + { + "name": "102914", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102914-1" + }, + { + "name": "20070628 FLEA-2007-0029-1: krb5 krb5-workstation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472432/100/0/threaded" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "20070626 MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472288/100/0/threaded" + }, + { + "name": "25814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25814" + }, + { + "name": "25821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25821" + }, + { + "name": "20070602-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc" + }, + { + "name": "40346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40346" + }, + { + "name": "25841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25841" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + }, + { + "name": "24655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24655" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2607.json b/2007/2xxx/CVE-2007-2607.json index 01a6b76eaae..519c1790cec 100644 --- a/2007/2xxx/CVE-2007-2607.json +++ b/2007/2xxx/CVE-2007-2607.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3870", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3870" - }, - { - "name" : "23877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23877" - }, - { - "name" : "ADV-2007-1733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1733" - }, - { - "name" : "37790", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37790" - }, - { - "name" : "lavague-printbar-file-include(34177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1733" + }, + { + "name": "23877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23877" + }, + { + "name": "lavague-printbar-file-include(34177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34177" + }, + { + "name": "3870", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3870" + }, + { + "name": "37790", + "refsource": "OSVDB", + "url": "http://osvdb.org/37790" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3018.json b/2007/3xxx/CVE-2007-3018.json index 4a759345b6a..3164599b1a7 100644 --- a/2007/3xxx/CVE-2007-3018.json +++ b/2007/3xxx/CVE-2007-3018.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070713 ActiveWeb Contentserver CMS Editor Permission Settings Problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473629/100/0/threaded" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-007.php", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-007.php" - }, - { - "name" : "24900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24900" - }, - { - "name" : "39746", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39746" - }, - { - "name" : "26063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26063" - }, - { - "name" : "2899", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2899" - }, - { - "name" : "activeweb-editor-insecure-permissions(35400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24900" + }, + { + "name": "39746", + "refsource": "OSVDB", + "url": "http://osvdb.org/39746" + }, + { + "name": "20070713 ActiveWeb Contentserver CMS Editor Permission Settings Problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473629/100/0/threaded" + }, + { + "name": "activeweb-editor-insecure-permissions(35400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35400" + }, + { + "name": "2899", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2899" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-007.php", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-007.php" + }, + { + "name": "26063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26063" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3199.json b/2007/3xxx/CVE-2007-3199.json index 4ace9304860..70f43e4622e 100644 --- a/2007/3xxx/CVE-2007-3199.json +++ b/2007/3xxx/CVE-2007-3199.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4059", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4059" - }, - { - "name" : "http://corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar", - "refsource" : "MISC", - "url" : "http://corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar" - }, - { - "name" : "24408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24408" - }, - { - "name" : "37204", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37204" - }, - { - "name" : "ADV-2007-2143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2143" - }, - { - "name" : "25614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25614" - }, - { - "name" : "linkrequest-output-file-upload(34801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24408" + }, + { + "name": "37204", + "refsource": "OSVDB", + "url": "http://osvdb.org/37204" + }, + { + "name": "25614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25614" + }, + { + "name": "linkrequest-output-file-upload(34801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34801" + }, + { + "name": "4059", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4059" + }, + { + "name": "ADV-2007-2143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2143" + }, + { + "name": "http://corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar", + "refsource": "MISC", + "url": "http://corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6185.json b/2007/6xxx/CVE-2007-6185.json index 5e1cffd713e..fa823f137f6 100644 --- a/2007/6xxx/CVE-2007-6185.json +++ b/2007/6xxx/CVE-2007-6185.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071127 Eurologon CMS Db credentials disclosure / files download", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484268/100/0/threaded" - }, - { - "name" : "4666", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4666" - }, - { - "name" : "26600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26600" - }, - { - "name" : "39685", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39685" - }, - { - "name" : "3408", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3408" - }, - { - "name" : "eurologoncms-files-directory-traversal(38659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3408", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3408" + }, + { + "name": "4666", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4666" + }, + { + "name": "39685", + "refsource": "OSVDB", + "url": "http://osvdb.org/39685" + }, + { + "name": "20071127 Eurologon CMS Db credentials disclosure / files download", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484268/100/0/threaded" + }, + { + "name": "eurologoncms-files-directory-traversal(38659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38659" + }, + { + "name": "26600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26600" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6450.json b/2007/6xxx/CVE-2007-6450.json index 2863cac7634..7df998d0d66 100644 --- a/2007/6xxx/CVE-2007-6450.json +++ b/2007/6xxx/CVE-2007-6450.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 rPSA-2008-0004-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485792/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199958", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1975", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1975" - }, - { - "name" : "DSA-1446", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1446" - }, - { - "name" : "GLSA-200712-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-23.xml" - }, - { - "name" : "MDVSA-2008:001", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" - }, - { - "name" : "MDVSA-2008:1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" - }, - { - "name" : "RHSA-2008:0058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0058.html" - }, - { - "name" : "RHSA-2008:0059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html" - }, - { - "name" : "SUSE-SR:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" - }, - { - "name" : "27071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27071" - }, - { - "name" : "oval:org.mitre.oval:def:11442", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11442" - }, - { - "name" : "28288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28288" - }, - { - "name" : "28315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28315" - }, - { - "name" : "27777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27777" - }, - { - "name" : "28304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28304" - }, - { - "name" : "28325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28325" - }, - { - "name" : "28564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28564" - }, - { - "name" : "28583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28583" - }, - { - "name" : "29048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29048" - }, - { - "name" : "wireshark-rpl-dissector-dos(39186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wireshark-rpl-dissector-dos(39186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39186" + }, + { + "name": "27777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27777" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1975", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1975" + }, + { + "name": "29048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29048" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-03.html" + }, + { + "name": "28564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28564" + }, + { + "name": "20080103 rPSA-2008-0004-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485792/100/0/threaded" + }, + { + "name": "GLSA-200712-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-23.xml" + }, + { + "name": "RHSA-2008:0059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html" + }, + { + "name": "28304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28304" + }, + { + "name": "28325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28325" + }, + { + "name": "MDVSA-2008:1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" + }, + { + "name": "MDVSA-2008:001", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" + }, + { + "name": "RHSA-2008:0058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0058.html" + }, + { + "name": "SUSE-SR:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199958", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199958" + }, + { + "name": "28315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28315" + }, + { + "name": "28583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28583" + }, + { + "name": "27071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27071" + }, + { + "name": "oval:org.mitre.oval:def:11442", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11442" + }, + { + "name": "28288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28288" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" + }, + { + "name": "DSA-1446", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1446" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6461.json b/2007/6xxx/CVE-2007-6461.json index d0dd31f5667..7c637dfbf6e 100644 --- a/2007/6xxx/CVE-2007-6461.json +++ b/2007/6xxx/CVE-2007-6461.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://flyspray.org/fsa:2", - "refsource" : "CONFIRM", - "url" : "http://flyspray.org/fsa:2" - }, - { - "name" : "39256", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39256" - }, - { - "name" : "39257", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39257" - }, - { - "name" : "28106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28106" + }, + { + "name": "39256", + "refsource": "OSVDB", + "url": "http://osvdb.org/39256" + }, + { + "name": "http://flyspray.org/fsa:2", + "refsource": "CONFIRM", + "url": "http://flyspray.org/fsa:2" + }, + { + "name": "39257", + "refsource": "OSVDB", + "url": "http://osvdb.org/39257" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0051.json b/2010/0xxx/CVE-2010-0051.json index f67a7a63a3b..5811dea5338 100644 --- a/2010/0xxx/CVE-2010-0051.json +++ b/2010/0xxx/CVE-2010-0051.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9877", - "refsource" : "MISC", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9877" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" - }, - { - "name" : "http://websec.sv.cmu.edu/css/css.pdf", - "refsource" : "MISC", - "url" : "http://websec.sv.cmu.edu/css/css.pdf" - }, - { - "name" : "http://support.apple.com/kb/HT4070", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4070" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-03-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "38671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38671" - }, - { - "name" : "62944", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62944" - }, - { - "name" : "oval:org.mitre.oval:def:7554", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7554" - }, - { - "name" : "1023708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023708" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "safari-stylesheet-info-disclosure(56837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "APPLE-SA-2010-03-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "1023708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023708" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://websec.sv.cmu.edu/css/css.pdf", + "refsource": "MISC", + "url": "http://websec.sv.cmu.edu/css/css.pdf" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "62944", + "refsource": "OSVDB", + "url": "http://osvdb.org/62944" + }, + { + "name": "http://support.apple.com/kb/HT4070", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4070" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9877", + "refsource": "MISC", + "url": "http://code.google.com/p/chromium/issues/detail?id=9877" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "oval:org.mitre.oval:def:7554", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7554" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "38671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38671" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + }, + { + "name": "safari-stylesheet-info-disclosure(56837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56837" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0403.json b/2010/0xxx/CVE-2010-0403.json index 3416130766c..62654f5247f 100644 --- a/2010/0xxx/CVE-2010-0403.json +++ b/2010/0xxx/CVE-2010-0403.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511299/100/0/threaded" - }, - { - "name" : "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html" - }, - { - "name" : "http://download.phpgroupware.org/", - "refsource" : "CONFIRM", - "url" : "http://download.phpgroupware.org/" - }, - { - "name" : "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0", - "refsource" : "CONFIRM", - "url" : "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0" - }, - { - "name" : "DSA-2046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2046" - }, - { - "name" : "40167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40167" - }, - { - "name" : "39665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39665" - }, - { - "name" : "39731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39731" - }, - { - "name" : "ADV-2010-1145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1145" - }, - { - "name" : "ADV-2010-1146", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1146" - }, - { - "name" : "phpgroupware-about-file-include(58657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1146", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1146" + }, + { + "name": "ADV-2010-1145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1145" + }, + { + "name": "http://download.phpgroupware.org/", + "refsource": "CONFIRM", + "url": "http://download.phpgroupware.org/" + }, + { + "name": "phpgroupware-about-file-include(58657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657" + }, + { + "name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html" + }, + { + "name": "40167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40167" + }, + { + "name": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0", + "refsource": "CONFIRM", + "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0" + }, + { + "name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded" + }, + { + "name": "39731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39731" + }, + { + "name": "DSA-2046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2046" + }, + { + "name": "39665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39665" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0565.json b/2010/0xxx/CVE-2010-0565.json index b68ae5b6930..aae7981b678 100644 --- a/2010/0xxx/CVE-2010-0565.json +++ b/2010/0xxx/CVE-2010-0565.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and \"WebVPN DTLS Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml" - }, - { - "name" : "38280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38280" - }, - { - "name" : "62430", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62430" - }, - { - "name" : "1023612", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023612" - }, - { - "name" : "38618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38618" - }, - { - "name" : "ADV-2010-0415", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0415" - }, - { - "name" : "cisco-asa-webvpn-dtls-dos(56339)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and \"WebVPN DTLS Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml" + }, + { + "name": "38618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38618" + }, + { + "name": "38280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38280" + }, + { + "name": "1023612", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023612" + }, + { + "name": "ADV-2010-0415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0415" + }, + { + "name": "62430", + "refsource": "OSVDB", + "url": "http://osvdb.org/62430" + }, + { + "name": "cisco-asa-webvpn-dtls-dos(56339)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56339" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0960.json b/2010/0xxx/CVE-2010-0960.json index 8c119aa648d..00612a6d20d 100644 --- a/2010/0xxx/CVE-2010-0960.json +++ b/2010/0xxx/CVE-2010-0960.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc" - }, - { - "name" : "IZ68231", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ68231" - }, - { - "name" : "IZ71555", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71555" - }, - { - "name" : "IZ71627", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71627" - }, - { - "name" : "IZ71870", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ71870" - }, - { - "name" : "oval:org.mitre.oval:def:6822", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6822" - }, - { - "name" : "1023695", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023695" - }, - { - "name" : "ADV-2010-0557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023695", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023695" + }, + { + "name": "IZ68231", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68231" + }, + { + "name": "IZ71870", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71870" + }, + { + "name": "IZ71627", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71627" + }, + { + "name": "ADV-2010-0557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0557" + }, + { + "name": "IZ71555", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71555" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc" + }, + { + "name": "oval:org.mitre.oval:def:6822", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6822" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1115.json b/2010/1xxx/CVE-2010-1115.json index eb3039dd946..3a6eed4240a 100644 --- a/2010/1xxx/CVE-2010-1115.json +++ b/2010/1xxx/CVE-2010-1115.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.com/1001-exploits/webservercreator-traversalxssrfi.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.com/1001-exploits/webservercreator-traversalxssrfi.txt" - }, - { - "name" : "37841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37841" - }, - { - "name" : "webservercreator-customize-dir-traversal(55725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37841" + }, + { + "name": "http://www.packetstormsecurity.com/1001-exploits/webservercreator-traversalxssrfi.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.com/1001-exploits/webservercreator-traversalxssrfi.txt" + }, + { + "name": "webservercreator-customize-dir-traversal(55725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55725" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1168.json b/2010/1xxx/CVE-2010-1168.json index 7325fe3199f..7e964c84411 100644 --- a/2010/1xxx/CVE-2010-1168.json +++ b/2010/1xxx/CVE-2010-1168.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/20/5" - }, - { - "name" : "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html", - "refsource" : "CONFIRM", - "url" : "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" - }, - { - "name" : "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=576508", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=576508" - }, - { - "name" : "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "MDVSA-2010:115", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" - }, - { - "name" : "MDVSA-2010:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" - }, - { - "name" : "RHSA-2010:0457", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0457.html" - }, - { - "name" : "RHSA-2010:0458", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0458.html" - }, - { - "name" : "oval:org.mitre.oval:def:9807", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" - }, - { - "name" : "oval:org.mitre.oval:def:7424", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" - }, - { - "name" : "1024062", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024062" - }, - { - "name" : "40049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40049" - }, - { - "name" : "40052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40052" - }, - { - "name" : "42402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42402" - }, - { - "name" : "ADV-2010-3075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:115", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" + }, + { + "name": "42402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42402" + }, + { + "name": "oval:org.mitre.oval:def:9807", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" + }, + { + "name": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" + }, + { + "name": "1024062", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024062" + }, + { + "name": "RHSA-2010:0457", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" + }, + { + "name": "oval:org.mitre.oval:def:7424", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=576508", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html", + "refsource": "CONFIRM", + "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" + }, + { + "name": "40049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40049" + }, + { + "name": "ADV-2010-3075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3075" + }, + { + "name": "40052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40052" + }, + { + "name": "RHSA-2010:0458", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" + }, + { + "name": "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" + }, + { + "name": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" + }, + { + "name": "MDVSA-2010:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1453.json b/2010/1xxx/CVE-2010-1453.json index 996028567a3..4f19659e21b 100644 --- a/2010/1xxx/CVE-2010-1453.json +++ b/2010/1xxx/CVE-2010-1453.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100505 CVE Request - Piwik 0.5.5 - XSS vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/05/3" - }, - { - "name" : "[oss-security] 20100505 Re: CVE Request - Piwik 0.5.5 - XSS vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/05/4" - }, - { - "name" : "http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/", - "refsource" : "CONFIRM", - "url" : "http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/" - }, - { - "name" : "39666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39666" - }, - { - "name" : "ADV-2010-1079", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/", + "refsource": "CONFIRM", + "url": "http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/" + }, + { + "name": "[oss-security] 20100505 CVE Request - Piwik 0.5.5 - XSS vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/05/3" + }, + { + "name": "ADV-2010-1079", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1079" + }, + { + "name": "[oss-security] 20100505 Re: CVE Request - Piwik 0.5.5 - XSS vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/05/4" + }, + { + "name": "39666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39666" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1630.json b/2010/1xxx/CVE-2010-1630.json index c27473d93c7..6bf5bdeae0b 100644 --- a/2010/1xxx/CVE-2010-1630.json +++ b/2010/1xxx/CVE-2010-1630.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a \"forum id\" in circumstances related to a \"global announcement.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100517 CVE request: phpbb 3.0.7 and before 3.0.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/16/1" - }, - { - "name" : "[oss-security] 20100518 Re: CVE request: phpbb 3.0.7 and before 3.0.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/18/12" - }, - { - "name" : "[oss-security] 20100519 Re: CVE request: phpbb 3.0.7 and before 3.0.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/05/19/5" - }, - { - "name" : "http://github.com/phpbb/phpbb3/commit/4ea3402f9363c9259881bc8ea6ce7fc6cb212657", - "refsource" : "MISC", - "url" : "http://github.com/phpbb/phpbb3/commit/4ea3402f9363c9259881bc8ea6ce7fc6cb212657" - }, - { - "name" : "http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445", - "refsource" : "CONFIRM", - "url" : "http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a \"forum id\" in circumstances related to a \"global announcement.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100518 Re: CVE request: phpbb 3.0.7 and before 3.0.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/18/12" + }, + { + "name": "http://github.com/phpbb/phpbb3/commit/4ea3402f9363c9259881bc8ea6ce7fc6cb212657", + "refsource": "MISC", + "url": "http://github.com/phpbb/phpbb3/commit/4ea3402f9363c9259881bc8ea6ce7fc6cb212657" + }, + { + "name": "[oss-security] 20100519 Re: CVE request: phpbb 3.0.7 and before 3.0.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/19/5" + }, + { + "name": "http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445", + "refsource": "CONFIRM", + "url": "http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445" + }, + { + "name": "[oss-security] 20100517 CVE request: phpbb 3.0.7 and before 3.0.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/05/16/1" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1747.json b/2010/1xxx/CVE-2010-1747.json index d12665a95e7..c78b4e35785 100644 --- a/2010/1xxx/CVE-2010-1747.json +++ b/2010/1xxx/CVE-2010-1747.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1930.json b/2010/1xxx/CVE-2010-1930.json index 499e1abcd27..ed5811abced 100644 --- a/2010/1xxx/CVE-2010-1930.json +++ b/2010/1xxx/CVE-2010-1930.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100623 CORE-2010-0316 - Novell iManager Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511983/100/0/threaded" - }, - { - "name" : "14010", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14010" - }, - { - "name" : "http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities" - }, - { - "name" : "40485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40485" - }, - { - "name" : "65738", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65738" - }, - { - "name" : "1024152", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024152" - }, - { - "name" : "40281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40281" - }, - { - "name" : "ADV-2010-1575", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1575" - }, - { - "name" : "imanager-tree-dos(59695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40485" + }, + { + "name": "ADV-2010-1575", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1575" + }, + { + "name": "1024152", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024152" + }, + { + "name": "65738", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65738" + }, + { + "name": "http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities" + }, + { + "name": "imanager-tree-dos(59695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59695" + }, + { + "name": "14010", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14010" + }, + { + "name": "40281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40281" + }, + { + "name": "20100623 CORE-2010-0316 - Novell iManager Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511983/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5013.json b/2010/5xxx/CVE-2010-5013.json index 7b623d87ec0..6aea4d733e9 100644 --- a/2010/5xxx/CVE-2010-5013.json +++ b/2010/5xxx/CVE-2010-5013.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13789", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13789" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/virtualrealestate-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/virtualrealestate-sql.txt" - }, - { - "name" : "40687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40687" - }, - { - "name" : "65415", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65415" - }, - { - "name" : "40166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40166" - }, - { - "name" : "8510", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8510" - }, - { - "name" : "virtrealestate-listingdetail-sql-injection(59290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8510", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8510" + }, + { + "name": "65415", + "refsource": "OSVDB", + "url": "http://osvdb.org/65415" + }, + { + "name": "40687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40687" + }, + { + "name": "13789", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13789" + }, + { + "name": "virtrealestate-listingdetail-sql-injection(59290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59290" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/virtualrealestate-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/virtualrealestate-sql.txt" + }, + { + "name": "40166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40166" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5102.json b/2010/5xxx/CVE-2010-5102.json index 88d651d0fe4..1569a6b5ce5 100644 --- a/2010/5xxx/CVE-2010-5102.json +++ b/2010/5xxx/CVE-2010-5102.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/13/2" - }, - { - "name" : "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/11/3" - }, - { - "name" : "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/10/7" - }, - { - "name" : "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/12/5" - }, - { - "name" : "http://bugs.typo3.org/view.php?id=16362", - "refsource" : "MISC", - "url" : "http://bugs.typo3.org/view.php?id=16362" - }, - { - "name" : "http://securesystems.ca/advisory.php?id=2010-001", - "refsource" : "MISC", - "url" : "http://securesystems.ca/advisory.php?id=2010-001" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/" - }, - { - "name" : "45470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45470" - }, - { - "name" : "70119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70119" - }, - { - "name" : "35770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35770" - }, - { - "name" : "typo3-unspecified-file-include(64180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.typo3.org/view.php?id=16362", + "refsource": "MISC", + "url": "http://bugs.typo3.org/view.php?id=16362" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/" + }, + { + "name": "70119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70119" + }, + { + "name": "45470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45470" + }, + { + "name": "typo3-unspecified-file-include(64180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180" + }, + { + "name": "35770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35770" + }, + { + "name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5" + }, + { + "name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2" + }, + { + "name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3" + }, + { + "name": "http://securesystems.ca/advisory.php?id=2010-001", + "refsource": "MISC", + "url": "http://securesystems.ca/advisory.php?id=2010-001" + }, + { + "name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5105.json b/2010/5xxx/CVE-2010-5105.json index 1ef05fb37ae..108adeb48d4 100644 --- a/2010/5xxx/CVE-2010-5105.json +++ b/2010/5xxx/CVE-2010-5105.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120906 CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/06/3" - }, - { - "name" : "[oss-security] 20120907 Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/07/13" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621" - }, - { - "name" : "https://developer.blender.org/T22509", - "refsource" : "MISC", - "url" : "https://developer.blender.org/T22509" - }, - { - "name" : "openSUSE-SU-2013:0302", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120907 Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/13" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621" + }, + { + "name": "[oss-security] 20120906 CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/06/3" + }, + { + "name": "https://developer.blender.org/T22509", + "refsource": "MISC", + "url": "https://developer.blender.org/T22509" + }, + { + "name": "openSUSE-SU-2013:0302", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00047.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0318.json b/2014/0xxx/CVE-2014-0318.json index 8eefc841c29..f2ba595368c 100644 --- a/2014/0xxx/CVE-2014-0318.json +++ b/2014/0xxx/CVE-2014-0318.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-045" - }, - { - "name" : "69142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69142" - }, - { - "name" : "60673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69142" + }, + { + "name": "60673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60673" + }, + { + "name": "MS14-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-045" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0459.json b/2014/0xxx/CVE-2014-0459.json index 784cc2ef33f..9706768c028 100644 --- a/2014/0xxx/CVE-2014-0459.json +++ b/2014/0xxx/CVE-2014-0459.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" - }, - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "66910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66910" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + }, + { + "name": "66910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66910" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0543.json b/2014/0xxx/CVE-2014-0543.json index 6444aae5399..646a06df805 100644 --- a/2014/0xxx/CVE-2014-0543.json +++ b/2014/0xxx/CVE-2014-0543.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-18.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-18.html" - }, - { - "name" : "GLSA-201408-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-05.xml" - }, - { - "name" : "1030712", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030712" - }, - { - "name" : "60710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60710" - }, - { - "name" : "60732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60710" + }, + { + "name": "60732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60732" + }, + { + "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-18.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-18.html" + }, + { + "name": "1030712", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030712" + }, + { + "name": "GLSA-201408-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0679.json b/2014/0xxx/CVE-2014-0679.json index 6393e4b2860..7dfd6fe9b85 100644 --- a/2014/0xxx/CVE-2014-0679.json +++ b/2014/0xxx/CVE-2014-0679.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140226 Cisco Prime Infrastructure Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140226 Cisco Prime Infrastructure Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0956.json b/2014/0xxx/CVE-2014-0956.json index 3a143827e82..1be3b5c953b 100644 --- a/2014/0xxx/CVE-2014-0956.json +++ b/2014/0xxx/CVE-2014-0956.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672572", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672572" - }, - { - "name" : "PI16040", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040" - }, - { - "name" : "ibm-websphere-cve20140956-xss(92629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572" + }, + { + "name": "ibm-websphere-cve20140956-xss(92629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629" + }, + { + "name": "PI16040", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10068.json b/2014/10xxx/CVE-2014-10068.json index 53422af326b..75e4ae726d0 100644 --- a/2014/10xxx/CVE-2014-10068.json +++ b/2014/10xxx/CVE-2014-10068.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2014-10068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "inert node module", - "version" : { - "version_data" : [ - { - "version_value" : "<1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2014-10068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "inert node module", + "version": { + "version_data": [ + { + "version_value": "<1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82", - "refsource" : "MISC", - "url" : "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82" - }, - { - "name" : "https://github.com/hapijs/inert/pull/15", - "refsource" : "MISC", - "url" : "https://github.com/hapijs/inert/pull/15" - }, - { - "name" : "https://nodesecurity.io/advisories/14", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hapijs/inert/pull/15", + "refsource": "MISC", + "url": "https://github.com/hapijs/inert/pull/15" + }, + { + "name": "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82", + "refsource": "MISC", + "url": "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82" + }, + { + "name": "https://nodesecurity.io/advisories/14", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/14" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1214.json b/2014/1xxx/CVE-2014-1214.json index ae45678b3c5..dbd20d98dab 100644 --- a/2014/1xxx/CVE-2014-1214.json +++ b/2014/1xxx/CVE-2014-1214.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1214", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1214", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1596.json b/2014/1xxx/CVE-2014-1596.json index cea340d72b6..2de3729b145 100644 --- a/2014/1xxx/CVE-2014-1596.json +++ b/2014/1xxx/CVE-2014-1596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1596", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1596", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1634.json b/2014/1xxx/CVE-2014-1634.json index 9a4fb8b557b..cd9e2a7a1a7 100644 --- a/2014/1xxx/CVE-2014-1634.json +++ b/2014/1xxx/CVE-2014-1634.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1800.json b/2014/1xxx/CVE-2014-1800.json index 321bfc51f17..71e05977e7d 100644 --- a/2014/1xxx/CVE-2014-1800.json +++ b/2014/1xxx/CVE-2014-1800.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67831" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67831" + }, + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4155.json b/2014/4xxx/CVE-2014-4155.json index 0d745fb9fe2..ba88e31af4c 100644 --- a/2014/4xxx/CVE-2014-4155.json +++ b/2014/4xxx/CVE-2014-4155.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33803", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33803" - }, - { - "name" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html" - }, - { - "name" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities" + }, + { + "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html" + }, + { + "name": "33803", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33803" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4376.json b/2014/4xxx/CVE-2014-4376.json index d8bcb45f756..b97bf990d86 100644 --- a/2014/4xxx/CVE-2014-4376.json +++ b/2014/4xxx/CVE-2014-4376.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=31", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=31" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "69906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69906" - }, - { - "name" : "1030868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030868" - }, - { - "name" : "macosx-cve20144376-code-exec(96051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-cve20144376-code-exec(96051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96051" + }, + { + "name": "69906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69906" + }, + { + "name": "1030868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030868" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=31", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=31" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4410.json b/2014/4xxx/CVE-2014-4410.json index 003abf76f4d..44d40bfee12 100644 --- a/2014/4xxx/CVE-2014-4410.json +++ b/2014/4xxx/CVE-2014-4410.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6440", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6440" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "http://support.apple.com/kb/HT6441", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6441" - }, - { - "name" : "http://support.apple.com/kb/HT6442", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6442" - }, - { - "name" : "APPLE-SA-2014-09-17-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" - }, - { - "name" : "APPLE-SA-2014-09-17-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" - }, - { - "name" : "69881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69881" - }, - { - "name" : "69966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69966" - }, - { - "name" : "1030866", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030866" - }, - { - "name" : "61306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61306" - }, - { - "name" : "61318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61318" - }, - { - "name" : "apple-cve20144410-code-exec(96030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69966" + }, + { + "name": "http://support.apple.com/kb/HT6441", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6441" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "1030866", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030866" + }, + { + "name": "apple-cve20144410-code-exec(96030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96030" + }, + { + "name": "http://support.apple.com/kb/HT6442", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6442" + }, + { + "name": "61318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61318" + }, + { + "name": "APPLE-SA-2014-09-17-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html" + }, + { + "name": "69881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69881" + }, + { + "name": "APPLE-SA-2014-09-17-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" + }, + { + "name": "http://support.apple.com/kb/HT6440", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6440" + }, + { + "name": "61306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61306" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4870.json b/2014/4xxx/CVE-2014-4870.json index 8ecfc72541c..f58f232a731 100644 --- a/2014/4xxx/CVE-2014-4870.json +++ b/2014/4xxx/CVE-2014-4870.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-4870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#111588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/111588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#111588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/111588" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5082.json b/2014/5xxx/CVE-2014-5082.json index 98e33dca829..3f04859c797 100644 --- a/2014/5xxx/CVE-2014-5082.json +++ b/2014/5xxx/CVE-2014-5082.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34189", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34189" - }, - { - "name" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127720/Sphider-Search-Engine-Command-Execution-SQL-Injection.html" + }, + { + "name": "34189", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34189" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10432.json b/2016/10xxx/CVE-2016-10432.json index 688108de631..6c4b21f4bb2 100644 --- a/2016/10xxx/CVE-2016-10432.json +++ b/2016/10xxx/CVE-2016-10432.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "TOCTOU while processing keystore requests" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TOCTOU while processing keystore requests" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3175.json b/2016/3xxx/CVE-2016-3175.json index 54c57f90bb8..b65a35d6a81 100644 --- a/2016/3xxx/CVE-2016-3175.json +++ b/2016/3xxx/CVE-2016-3175.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3175", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3304.json b/2016/3xxx/CVE-2016-3304.json index 3ff7ce835aa..44bdab65479 100644 --- a/2016/3xxx/CVE-2016-3304.json +++ b/2016/3xxx/CVE-2016-3304.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Windows Graphics Component RCE Vulnerability,\" a different vulnerability than CVE-2016-3303." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40257", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40257/" - }, - { - "name" : "MS16-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097" - }, - { - "name" : "92302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92302" - }, - { - "name" : "1036564", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka \"Windows Graphics Component RCE Vulnerability,\" a different vulnerability than CVE-2016-3303." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92302" + }, + { + "name": "40257", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40257/" + }, + { + "name": "MS16-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097" + }, + { + "name": "1036564", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036564" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3504.json b/2016/3xxx/CVE-2016-3504.json index 78358584a26..752026f2e27 100644 --- a/2016/3xxx/CVE-2016-3504.json +++ b/2016/3xxx/CVE-2016-3504.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "92023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92023" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + }, + { + "name": "92023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92023" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3785.json b/2016/3xxx/CVE-2016-3785.json index 505fefa7e46..33ccf8f07f3 100644 --- a/2016/3xxx/CVE-2016-3785.json +++ b/2016/3xxx/CVE-2016-3785.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3785", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3785", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7466.json b/2016/7xxx/CVE-2016-7466.json index 49b01c0c624..6c4e4ee2012 100644 --- a/2016/7xxx/CVE-2016-7466.json +++ b/2016/7xxx/CVE-2016-7466.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-7466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160920 CVE Request Qemu: usb: xhci memory leakage during device unplug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/19/8" - }, - { - "name" : "[oss-security] 20160920 Re: CVE Request Qemu: usb: xhci memory leakage during device unplug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/20/3" - }, - { - "name" : "[qemu-devel] 20160913 [PATCH v2] usb:xhci:fix memory leak in usb_xhci_exit", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e" - }, - { - "name" : "GLSA-201611-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-11" - }, - { - "name" : "RHSA-2017:2392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2392" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "openSUSE-SU-2016:3237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" - }, - { - "name" : "93029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160920 CVE Request Qemu: usb: xhci memory leakage during device unplug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/19/8" + }, + { + "name": "[oss-security] 20160920 Re: CVE Request Qemu: usb: xhci memory leakage during device unplug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/20/3" + }, + { + "name": "GLSA-201611-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-11" + }, + { + "name": "93029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93029" + }, + { + "name": "RHSA-2017:2392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2392" + }, + { + "name": "openSUSE-SU-2016:3237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e" + }, + { + "name": "[qemu-devel] 20160913 [PATCH v2] usb:xhci:fix memory leak in usb_xhci_exit", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2408" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7892.json b/2016/7xxx/CVE-2016-7892.json index b3913b82933..cebe870c2f0 100644 --- a/2016/7xxx/CVE-2016-7892.json +++ b/2016/7xxx/CVE-2016-7892.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2016-7892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-7892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" - }, - { - "name" : "GLSA-201701-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-17" - }, - { - "name" : "MS16-154", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" - }, - { - "name" : "RHSA-2016:2947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" - }, - { - "name" : "SUSE-SU-2016:3148", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" - }, - { - "name" : "openSUSE-SU-2016:3160", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" - }, - { - "name" : "94877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94877" - }, - { - "name" : "1037442", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:3148", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" + }, + { + "name": "MS16-154", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" + }, + { + "name": "GLSA-201701-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-17" + }, + { + "name": "1037442", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037442" + }, + { + "name": "RHSA-2016:2947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" + }, + { + "name": "94877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94877" + }, + { + "name": "openSUSE-SU-2016:3160", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8073.json b/2016/8xxx/CVE-2016-8073.json index 1b7f043bc18..5312fa32cc9 100644 --- a/2016/8xxx/CVE-2016-8073.json +++ b/2016/8xxx/CVE-2016-8073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8073", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8073", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8131.json b/2016/8xxx/CVE-2016-8131.json index fa526de2e2d..29a76660979 100644 --- a/2016/8xxx/CVE-2016-8131.json +++ b/2016/8xxx/CVE-2016-8131.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8131", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8131", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8596.json b/2016/8xxx/CVE-2016-8596.json index 6167bb7fb07..2b95576ba39 100644 --- a/2016/8xxx/CVE-2016-8596.json +++ b/2016/8xxx/CVE-2016-8596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/GomSpace/libcsp/pull/80", - "refsource" : "MISC", - "url" : "https://github.com/GomSpace/libcsp/pull/80" - }, - { - "name" : "94226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GomSpace/libcsp/pull/80", + "refsource": "MISC", + "url": "https://github.com/GomSpace/libcsp/pull/80" + }, + { + "name": "94226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94226" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8926.json b/2016/8xxx/CVE-2016-8926.json index 23b0c4459d6..766e9b33b3c 100644 --- a/2016/8xxx/CVE-2016-8926.json +++ b/2016/8xxx/CVE-2016-8926.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Application Dependency Discovery Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.2" - }, - { - "version_value" : "7.2.1" - }, - { - "version_value" : "7.2.2" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Application Dependency Discovery Manager", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.2.1" + }, + { + "version_value": "7.2.2" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001579&myns=swgtiv&mynp=OCSSPLFC&mync=E&cm_sp=swgtiv-_-OCSSPLFC-_-E" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9107.json b/2016/9xxx/CVE-2016-9107.json index fde44ae4d76..7c04f649154 100644 --- a/2016/9xxx/CVE-2016-9107.json +++ b/2016/9xxx/CVE-2016-9107.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161030 Re: gajim otr plugin cleartext leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/30/11" - }, - { - "name" : "[oss-security] 20161030 gajim otr plugin cleartext leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/30/2" - }, - { - "name" : "https://dev.gajim.org/gajim/gajim-plugins/issues/145", - "refsource" : "CONFIRM", - "url" : "https://dev.gajim.org/gajim/gajim-plugins/issues/145" - }, - { - "name" : "https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae", - "refsource" : "CONFIRM", - "url" : "https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae" - }, - { - "name" : "94099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae", + "refsource": "CONFIRM", + "url": "https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae" + }, + { + "name": "[oss-security] 20161030 gajim otr plugin cleartext leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/30/2" + }, + { + "name": "94099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94099" + }, + { + "name": "https://dev.gajim.org/gajim/gajim-plugins/issues/145", + "refsource": "CONFIRM", + "url": "https://dev.gajim.org/gajim/gajim-plugins/issues/145" + }, + { + "name": "[oss-security] 20161030 Re: gajim otr plugin cleartext leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/30/11" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9431.json b/2016/9xxx/CVE-2016-9431.json index b27afa8e9b2..558e413aaa0 100644 --- a/2016/9xxx/CVE-2016-9431.json +++ b/2016/9xxx/CVE-2016-9431.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3" - }, - { - "name" : "https://github.com/tats/w3m/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/tats/w3m/issues/10", - "refsource" : "CONFIRM", - "url" : "https://github.com/tats/w3m/issues/10" - }, - { - "name" : "GLSA-201701-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-08" - }, - { - "name" : "94407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-08" + }, + { + "name": "https://github.com/tats/w3m/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/blob/master/ChangeLog" + }, + { + "name": "https://github.com/tats/w3m/issues/10", + "refsource": "CONFIRM", + "url": "https://github.com/tats/w3m/issues/10" + }, + { + "name": "94407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94407" + }, + { + "name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/18/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9744.json b/2016/9xxx/CVE-2016-9744.json index 2573b048249..d32ef074006 100644 --- a/2016/9xxx/CVE-2016-9744.json +++ b/2016/9xxx/CVE-2016-9744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2129.json b/2019/2xxx/CVE-2019-2129.json index 15dbd643ff3..e5deaf31c43 100644 --- a/2019/2xxx/CVE-2019-2129.json +++ b/2019/2xxx/CVE-2019-2129.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2129", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2129", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2516.json b/2019/2xxx/CVE-2019-2516.json index 05c26ff8934..d38c8d6295e 100644 --- a/2019/2xxx/CVE-2019-2516.json +++ b/2019/2xxx/CVE-2019-2516.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2855.json b/2019/2xxx/CVE-2019-2855.json index ff3c4996533..774598289be 100644 --- a/2019/2xxx/CVE-2019-2855.json +++ b/2019/2xxx/CVE-2019-2855.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2855", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2855", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6533.json b/2019/6xxx/CVE-2019-6533.json index be4e1724a96..bd1fc0265a2 100644 --- a/2019/6xxx/CVE-2019-6533.json +++ b/2019/6xxx/CVE-2019-6533.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2019-6533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PR100088 Modbus gateway", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to Release R02 (or Software Version 1.1.13166)" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2019-6533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PR100088 Modbus gateway", + "version": { + "version_data": [ + { + "version_value": "All versions prior to Release R02 (or Software Version 1.1.13166)" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6919.json b/2019/6xxx/CVE-2019-6919.json index a92469e97fd..c306116eb07 100644 --- a/2019/6xxx/CVE-2019-6919.json +++ b/2019/6xxx/CVE-2019-6919.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file