diff --git a/2007/2xxx/CVE-2007-2311.json b/2007/2xxx/CVE-2007-2311.json index 8be4127951f..71975e87b82 100644 --- a/2007/2xxx/CVE-2007-2311.json +++ b/2007/2xxx/CVE-2007-2311.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465739/100/0/threaded" - }, - { - "name" : "20070417 Re: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466016/100/200/threaded" - }, - { - "name" : "20070415 false: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-April/001526.html" - }, - { - "name" : "2641", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070414 bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465739/100/0/threaded" + }, + { + "name": "20070415 false: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-April/001526.html" + }, + { + "name": "2641", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2641" + }, + { + "name": "20070417 Re: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466016/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3073.json b/2007/3xxx/CVE-2007-3073.json index 94e58f4a20f..ff8fd17f335 100644 --- a/2007/3xxx/CVE-2007-3073.json +++ b/2007/3xxx/CVE-2007-3073.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070604 Unpatched input validation flaw in Firefox 2.0.0.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470500/100/0/threaded" - }, - { - "name" : "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/" - }, - { - "name" : "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/", - "refsource" : "MISC", - "url" : "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/" - }, - { - "name" : "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/", - "refsource" : "MISC", - "url" : "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=367428", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=367428" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=380994", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=380994" - }, - { - "name" : "35920", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35920" - }, - { - "name" : "25481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded" + }, + { + "name": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/", + "refsource": "MISC", + "url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/" + }, + { + "name": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/", + "refsource": "MISC", + "url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/" + }, + { + "name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/", + "refsource": "MISC", + "url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=380994", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=380994" + }, + { + "name": "25481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25481" + }, + { + "name": "35920", + "refsource": "OSVDB", + "url": "http://osvdb.org/35920" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3653.json b/2007/3xxx/CVE-2007-3653.json index cdb4cb02731..7a1b39e2d32 100644 --- a/2007/3xxx/CVE-2007-3653.json +++ b/2007/3xxx/CVE-2007-3653.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://descriptions.securescout.com/tc/17973", - "refsource" : "MISC", - "url" : "http://descriptions.securescout.com/tc/17973" - }, - { - "name" : "http://www.netvigilance.com/advisory0043", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0043" - }, - { - "name" : "faname-index-page-xss(43502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "faname-index-page-xss(43502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43502" + }, + { + "name": "http://www.netvigilance.com/advisory0043", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0043" + }, + { + "name": "http://descriptions.securescout.com/tc/17973", + "refsource": "MISC", + "url": "http://descriptions.securescout.com/tc/17973" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3797.json b/2007/3xxx/CVE-2007-3797.json index c3b31f835c3..b03044d55cd 100644 --- a/2007/3xxx/CVE-2007-3797.json +++ b/2007/3xxx/CVE-2007-3797.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3797", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3797", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4016.json b/2007/4xxx/CVE-2007-4016.json index 700ecb2f729..752cde69d9c 100644 --- a/2007/4xxx/CVE-2007-4016.json +++ b/2007/4xxx/CVE-2007-4016.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX113815", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX113815" - }, - { - "name" : "http://support.citrix.com/article/CTX114028", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX114028" - }, - { - "name" : "24975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24975" - }, - { - "name" : "ADV-2007-2583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2583" - }, - { - "name" : "43983", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43983" - }, - { - "name" : "1018435", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018435" - }, - { - "name" : "26143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2583" + }, + { + "name": "26143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26143" + }, + { + "name": "43983", + "refsource": "OSVDB", + "url": "http://osvdb.org/43983" + }, + { + "name": "24975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24975" + }, + { + "name": "1018435", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018435" + }, + { + "name": "http://support.citrix.com/article/CTX113815", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX113815" + }, + { + "name": "http://support.citrix.com/article/CTX114028", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX114028" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6285.json b/2007/6xxx/CVE-2007-6285.json index e61c0d88e12..ef955040ff5 100644 --- a/2007/6xxx/CVE-2007-6285.json +++ b/2007/6xxx/CVE-2007-6285.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access \"important devices\" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=426218", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=426218" - }, - { - "name" : "FEDORA-2007-4707", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00726.html" - }, - { - "name" : "FEDORA-2007-4709", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00732.html" - }, - { - "name" : "MDVSA-2008:009", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:009" - }, - { - "name" : "RHSA-2007:1176", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-1176.html" - }, - { - "name" : "RHSA-2007:1177", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-1177.html" - }, - { - "name" : "26970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26970" - }, - { - "name" : "40442", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40442" - }, - { - "name" : "oval:org.mitre.oval:def:11457", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11457" - }, - { - "name" : "1019137", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019137" - }, - { - "name" : "28156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28156" - }, - { - "name" : "28456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28456" - }, - { - "name" : "28168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28168" - }, - { - "name" : "autofs-hostsmap-weak-securtiy(39188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access \"important devices\" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2007-4707", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00726.html" + }, + { + "name": "40442", + "refsource": "OSVDB", + "url": "http://osvdb.org/40442" + }, + { + "name": "FEDORA-2007-4709", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00732.html" + }, + { + "name": "28168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28168" + }, + { + "name": "28456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28456" + }, + { + "name": "RHSA-2007:1177", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-1177.html" + }, + { + "name": "autofs-hostsmap-weak-securtiy(39188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39188" + }, + { + "name": "oval:org.mitre.oval:def:11457", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11457" + }, + { + "name": "RHSA-2007:1176", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-1176.html" + }, + { + "name": "1019137", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019137" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=426218", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426218" + }, + { + "name": "26970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26970" + }, + { + "name": "MDVSA-2008:009", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:009" + }, + { + "name": "28156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28156" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6425.json b/2007/6xxx/CVE-2007-6425.json index 92e6de149cd..5684ea0c5a0 100644 --- a/2007/6xxx/CVE-2007-6425.json +++ b/2007/6xxx/CVE-2007-6425.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02306", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/486852/100/0/threaded" - }, - { - "name" : "SSRT071463", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/486852/100/0/threaded" - }, - { - "name" : "oval:org.mitre.oval:def:5436", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5436" - }, - { - "name" : "ADV-2008-0262", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0262" - }, - { - "name" : "1019260", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019260" - }, - { - "name" : "28612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28612" - }, - { - "name" : "hpux-arpa-transport-dos(39858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019260", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019260" + }, + { + "name": "oval:org.mitre.oval:def:5436", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5436" + }, + { + "name": "ADV-2008-0262", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0262" + }, + { + "name": "HPSBUX02306", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/486852/100/0/threaded" + }, + { + "name": "SSRT071463", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/486852/100/0/threaded" + }, + { + "name": "28612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28612" + }, + { + "name": "hpux-arpa-transport-dos(39858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39858" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6526.json b/2007/6xxx/CVE-2007-6526.json index 1162b304308..5897bef1dce 100644 --- a/2007/6xxx/CVE-2007-6526.json +++ b/2007/6xxx/CVE-2007-6526.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071224 Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485483/100/0/threaded" - }, - { - "name" : "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" - }, - { - "name" : "http://tikiwiki.org/ReleaseProcess199", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.org/ReleaseProcess199" - }, - { - "name" : "GLSA-200801-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-10.xml" - }, - { - "name" : "27004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27004" - }, - { - "name" : "41179", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41179" - }, - { - "name" : "28225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28225" - }, - { - "name" : "28602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28602" - }, - { - "name" : "3483", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41179", + "refsource": "OSVDB", + "url": "http://osvdb.org/41179" + }, + { + "name": "http://tikiwiki.org/ReleaseProcess199", + "refsource": "CONFIRM", + "url": "http://tikiwiki.org/ReleaseProcess199" + }, + { + "name": "27004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27004" + }, + { + "name": "28225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28225" + }, + { + "name": "28602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28602" + }, + { + "name": "GLSA-200801-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" + }, + { + "name": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html", + "refsource": "MISC", + "url": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" + }, + { + "name": "20071224 Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485483/100/0/threaded" + }, + { + "name": "3483", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3483" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6598.json b/2007/6xxx/CVE-2007-6598.json index e84181fe98c..c72863dde7b 100644 --- a/2007/6xxx/CVE-2007-6598.json +++ b/2007/6xxx/CVE-2007-6598.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 Re: rPSA-2008-0001-1 dovecot", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485787/100/0/threaded" - }, - { - "name" : "20080103 rPSA-2008-0001-1 dovecot", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485779/100/0/threaded" - }, - { - "name" : "[Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins", - "refsource" : "MLIST", - "url" : "http://dovecot.org/list/dovecot-news/2007-December/000057.html" - }, - { - "name" : "[Dovecot-news] 20071229 v1.0.10 released", - "refsource" : "MLIST", - "url" : "http://dovecot.org/list/dovecot-news/2007-December/000058.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2076", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2076" - }, - { - "name" : "DSA-1457", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1457" - }, - { - "name" : "RHSA-2008:0297", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0297.html" - }, - { - "name" : "SUSE-SR:2008:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html" - }, - { - "name" : "USN-567-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-567-1" - }, - { - "name" : "27093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27093" - }, - { - "name" : "oval:org.mitre.oval:def:10458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458" - }, - { - "name" : "30342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30342" - }, - { - "name" : "ADV-2008-0017", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0017" - }, - { - "name" : "39876", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39876" - }, - { - "name" : "28227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28227" - }, - { - "name" : "28271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28271" - }, - { - "name" : "28404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28404" - }, - { - "name" : "28434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28434" - }, - { - "name" : "32151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28434" + }, + { + "name": "30342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30342" + }, + { + "name": "oval:org.mitre.oval:def:10458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10458" + }, + { + "name": "20080103 Re: rPSA-2008-0001-1 dovecot", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485787/100/0/threaded" + }, + { + "name": "RHSA-2008:0297", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html" + }, + { + "name": "USN-567-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-567-1" + }, + { + "name": "27093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27093" + }, + { + "name": "ADV-2008-0017", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0017" + }, + { + "name": "39876", + "refsource": "OSVDB", + "url": "http://osvdb.org/39876" + }, + { + "name": "SUSE-SR:2008:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html" + }, + { + "name": "20080103 rPSA-2008-0001-1 dovecot", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485779/100/0/threaded" + }, + { + "name": "DSA-1457", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1457" + }, + { + "name": "[Dovecot-news] 20071221 Security hole #4: Specific LDAP + auth cache configuration may mix up user logins", + "refsource": "MLIST", + "url": "http://dovecot.org/list/dovecot-news/2007-December/000057.html" + }, + { + "name": "32151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32151" + }, + { + "name": "28404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28404" + }, + { + "name": "28271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28271" + }, + { + "name": "[Dovecot-news] 20071229 v1.0.10 released", + "refsource": "MLIST", + "url": "http://dovecot.org/list/dovecot-news/2007-December/000058.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2076", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2076" + }, + { + "name": "28227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28227" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6685.json b/2007/6xxx/CVE-2007-6685.json index 2e986235a5d..6da45ef4167 100644 --- a/2007/6xxx/CVE-2007-6685.json +++ b/2007/6xxx/CVE-2007-6685.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.4_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.4_released" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=203217", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=203217" - }, - { - "name" : "GLSA-200802-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-04.xml" - }, - { - "name" : "41675", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41675" - }, - { - "name" : "28898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gallery.menalto.com/gallery_2.2.4_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.4_released" + }, + { + "name": "GLSA-200802-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-04.xml" + }, + { + "name": "28898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28898" + }, + { + "name": "41675", + "refsource": "OSVDB", + "url": "http://osvdb.org/41675" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=203217", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=203217" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1082.json b/2010/1xxx/CVE-2010-1082.json index ef5210283e7..1538d60b927 100644 --- a/2010/1xxx/CVE-2010-1082.json +++ b/2010/1xxx/CVE-2010-1082.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38726" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1488.json b/2010/1xxx/CVE-2010-1488.json index 8fcf7556585..a4e67c8abac 100644 --- a/2010/1xxx/CVE-2010-1488.json +++ b/2010/1xxx/CVE-2010-1488.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100414 Couple of kernel issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/04/14/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b95c35e76b29ba812e5dabdd91592e25ec640e93", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b95c35e76b29ba812e5dabdd91592e25ec640e93" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=582068", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=582068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=582068", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=582068" + }, + { + "name": "[oss-security] 20100414 Couple of kernel issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/04/14/1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b95c35e76b29ba812e5dabdd91592e25ec640e93", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b95c35e76b29ba812e5dabdd91592e25ec640e93" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1540.json b/2010/1xxx/CVE-2010-1540.json index bbf5ef419a1..81cca32b61a 100644 --- a/2010/1xxx/CVE-2010-1540.json +++ b/2010/1xxx/CVE-2010-1540.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11625", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11625" - }, - { - "name" : "38530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38530" - }, - { - "name" : "38777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38777" + }, + { + "name": "11625", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11625" + }, + { + "name": "38530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38530" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1977.json b/2010/1xxx/CVE-2010-1977.json index 9aaf556b8e2..d8b91d0b84b 100644 --- a/2010/1xxx/CVE-2010-1977.json +++ b/2010/1xxx/CVE-2010-1977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12083", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12083" - }, - { - "name" : "39243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39243" - }, - { - "name" : "39356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39356" + }, + { + "name": "39243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39243" + }, + { + "name": "12083", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12083" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5121.json b/2010/5xxx/CVE-2010-5121.json index b0ecc534517..9e446648b38 100644 --- a/2010/5xxx/CVE-2010-5121.json +++ b/2010/5xxx/CVE-2010-5121.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5121", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5121", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5154.json b/2010/5xxx/CVE-2010-5154.json index b9f93504cef..f6a29e90198 100644 --- a/2010/5xxx/CVE-2010-5154.json +++ b/2010/5xxx/CVE-2010-5154.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" - }, - { - "name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" - }, - { - "name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", - "refsource" : "MISC", - "url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" - }, - { - "name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", - "refsource" : "MISC", - "url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" - }, - { - "name" : "http://www.f-secure.com/weblog/archives/00001949.html", - "refsource" : "MISC", - "url" : "http://www.f-secure.com/weblog/archives/00001949.html" - }, - { - "name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" - }, - { - "name" : "39924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39924" - }, - { - "name" : "67660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/67660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html" + }, + { + "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/", + "refsource": "MISC", + "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/" + }, + { + "name": "39924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39924" + }, + { + "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + }, + { + "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html" + }, + { + "name": "67660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/67660" + }, + { + "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/" + }, + { + "name": "http://www.f-secure.com/weblog/archives/00001949.html", + "refsource": "MISC", + "url": "http://www.f-secure.com/weblog/archives/00001949.html" + }, + { + "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php", + "refsource": "MISC", + "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0143.json b/2014/0xxx/CVE-2014-0143.json index 1a56b2e742a..4458780c1ca 100644 --- a/2014/0xxx/CVE-2014-0143.json +++ b/2014/0xxx/CVE-2014-0143.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=509a41bab5306181044b5fff02eadf96d9c8676a", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=509a41bab5306181044b5fff02eadf96d9c8676a" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=afbcc40bee4ef51731102d7d4b499ee12fc182e1", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=afbcc40bee4ef51731102d7d4b499ee12fc182e1" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=cab60de930684c33f67d4e32c7509b567f8c445b", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=cab60de930684c33f67d4e32c7509b567f8c445b" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=e3737b820b45e54b059656dc3f914f895ac7a88b", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=e3737b820b45e54b059656dc3f914f895ac7a88b" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079140", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079140" - }, - { - "name" : "DSA-3044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3044" - }, - { - "name" : "RHSA-2014:0420", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html" - }, - { - "name" : "RHSA-2014:0421", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079140", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079140" + }, + { + "name": "RHSA-2014:0420", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html" + }, + { + "name": "RHSA-2014:0421", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=e3737b820b45e54b059656dc3f914f895ac7a88b", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=e3737b820b45e54b059656dc3f914f895ac7a88b" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=afbcc40bee4ef51731102d7d4b499ee12fc182e1", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=afbcc40bee4ef51731102d7d4b499ee12fc182e1" + }, + { + "name": "DSA-3044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3044" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=509a41bab5306181044b5fff02eadf96d9c8676a", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=509a41bab5306181044b5fff02eadf96d9c8676a" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=db8a31d11d6a60f48d6817530640d75aa72a9a2f" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=cab60de930684c33f67d4e32c7509b567f8c445b", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cab60de930684c33f67d4e32c7509b567f8c445b" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0192.json b/2014/0xxx/CVE-2014-0192.json index 7c009f1d54a..83ef810e6c5 100644 --- a/2014/0xxx/CVE-2014-0192.json +++ b/2014/0xxx/CVE-2014-0192.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to \"spoof.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092354", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092354" - }, - { - "name" : "http://projects.theforeman.org/issues/5436", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/5436" - }, - { - "name" : "http://theforeman.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://theforeman.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to \"spoof.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://theforeman.org/security.html", + "refsource": "CONFIRM", + "url": "http://theforeman.org/security.html" + }, + { + "name": "http://projects.theforeman.org/issues/5436", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/5436" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1092354", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092354" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0222.json b/2014/0xxx/CVE-2014-0222.json index 5c445794bb5..1591b42ff4a 100644 --- a/2014/0xxx/CVE-2014-0222.json +++ b/2014/0xxx/CVE-2014-0222.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222)", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html" - }, - { - "name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" - }, - { - "name" : "DSA-3044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3044" - }, - { - "name" : "FEDORA-2014-6288", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" - }, - { - "name" : "FEDORA-2014-6970", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html" - }, - { - "name" : "SUSE-SU-2015:0929", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1965", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html" - }, - { - "name" : "67357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222)", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html" + }, + { + "name": "SUSE-SU-2015:0929", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html" + }, + { + "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" + }, + { + "name": "67357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67357" + }, + { + "name": "DSA-3044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3044" + }, + { + "name": "openSUSE-SU-2015:1965", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html" + }, + { + "name": "FEDORA-2014-6970", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html" + }, + { + "name": "FEDORA-2014-6288", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0233.json b/2014/0xxx/CVE-2014-0233.json index 9ba814e8c4b..01e7aec170f 100644 --- a/2014/0xxx/CVE-2014-0233.json +++ b/2014/0xxx/CVE-2014-0233.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1096955", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1096955" - }, - { - "name" : "RHSA-2014:0529", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0529.html" - }, - { - "name" : "RHSA-2014:0530", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0530.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0530", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0530.html" + }, + { + "name": "RHSA-2014:0529", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0529.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1096955", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096955" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0253.json b/2014/0xxx/CVE-2014-0253.json index 5eab42b0b60..734c5a35fa8 100644 --- a/2014/0xxx/CVE-2014-0253.json +++ b/2014/0xxx/CVE-2014-0253.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka \"POST Request DoS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009" - }, - { - "name" : "65415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65415" - }, - { - "name" : "103162", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103162" - }, - { - "name" : "1029745", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029745" - }, - { - "name" : "56793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka \"POST Request DoS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029745", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029745" + }, + { + "name": "103162", + "refsource": "OSVDB", + "url": "http://osvdb.org/103162" + }, + { + "name": "65415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65415" + }, + { + "name": "56793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56793" + }, + { + "name": "MS14-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0379.json b/2014/0xxx/CVE-2014-0379.json index cd82f1b681b..366b302a71c 100644 --- a/2014/0xxx/CVE-2014-0379.json +++ b/2014/0xxx/CVE-2014-0379.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31994", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/31994" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64857" - }, - { - "name" : "102097", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102097" - }, - { - "name" : "1029620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029620" - }, - { - "name" : "56474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029620" + }, + { + "name": "64857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64857" + }, + { + "name": "56474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56474" + }, + { + "name": "102097", + "refsource": "OSVDB", + "url": "http://osvdb.org/102097" + }, + { + "name": "31994", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/31994" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0870.json b/2014/0xxx/CVE-2014-0870.json index a8f4a57dda6..aaa1ef26bf0 100644 --- a/2014/0xxx/CVE-2014-0870.json +++ b/2014/0xxx/CVE-2014-0870.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532598/100/0/threaded" - }, - { - "name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/173" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" - }, - { - "name" : "59296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59296" - }, - { - "name" : "ibm-aclm-cve20140870-xss(90944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html" + }, + { + "name": "ibm-aclm-cve20140870-xss(90944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90944" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded" + }, + { + "name": "59296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59296" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt" + }, + { + "name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/173" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1267.json b/2014/1xxx/CVE-2014-1267.json index 094bd26dda2..5d549383c1e 100644 --- a/2014/1xxx/CVE-2014-1267.json +++ b/2014/1xxx/CVE-2014-1267.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - }, - { - "name" : "http://support.apple.com/kb/HT6163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6163" + }, + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1412.json b/2014/1xxx/CVE-2014-1412.json index c73c2502f75..c4e24c6c237 100644 --- a/2014/1xxx/CVE-2014-1412.json +++ b/2014/1xxx/CVE-2014-1412.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1412", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1412", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5013.json b/2014/5xxx/CVE-2014-5013.json index a1aac5781de..a57f7336806 100644 --- a/2014/5xxx/CVE-2014-5013.json +++ b/2014/5xxx/CVE-2014-5013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5241.json b/2014/5xxx/CVE-2014-5241.json index eb3e2e772a1..23f65612a9f 100644 --- a/2014/5xxx/CVE-2014-5241.json +++ b/2014/5xxx/CVE-2014-5241.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/08/14/5" - }, - { - "name" : "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0309.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0309.html" - }, - { - "name" : "DSA-3011", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3011" - }, - { - "name" : "MDVSA-2014:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153" - }, - { - "name" : "59738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[MediaWiki-announce] 20140730 MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html" + }, + { + "name": "DSA-3011", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3011" + }, + { + "name": "MDVSA-2014:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:153" + }, + { + "name": "59738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59738" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=68187" + }, + { + "name": "[oss-security] 20140814 Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/08/14/5" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0309.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0309.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5309.json b/2014/5xxx/CVE-2014-5309.json index 54b15c77e8f..abf21972cb3 100644 --- a/2014/5xxx/CVE-2014-5309.json +++ b/2014/5xxx/CVE-2014-5309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5381.json b/2014/5xxx/CVE-2014-5381.json index fd525ce4588..d2c852cbca6 100644 --- a/2014/5xxx/CVE-2014-5381.json +++ b/2014/5xxx/CVE-2014-5381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5740.json b/2014/5xxx/CVE-2014-5740.json index a04aa9981a1..70459f285dd 100644 --- a/2014/5xxx/CVE-2014-5740.json +++ b/2014/5xxx/CVE-2014-5740.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#231113", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/231113" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#231113", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/231113" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2632.json b/2015/2xxx/CVE-2015-2632.json index f294a57b338..bfbd5c724d2 100644 --- a/2015/2xxx/CVE-2015-2632.json +++ b/2015/2xxx/CVE-2015-2632.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "DSA-3339", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3339" - }, - { - "name" : "DSA-3316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3316" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "GLSA-201701-58", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-58" - }, - { - "name" : "RHSA-2015:1526", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1526.html" - }, - { - "name" : "RHSA-2015:1228", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1228.html" - }, - { - "name" : "RHSA-2015:1229", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1229.html" - }, - { - "name" : "RHSA-2015:1230", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1230.html" - }, - { - "name" : "RHSA-2015:1241", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1241.html" - }, - { - "name" : "RHSA-2015:1242", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1242.html" - }, - { - "name" : "RHSA-2015:1243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1243.html" - }, - { - "name" : "RHSA-2015:1485", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html" - }, - { - "name" : "RHSA-2015:1486", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1486.html" - }, - { - "name" : "RHSA-2015:1488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html" - }, - { - "name" : "RHSA-2015:1544", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1544.html" - }, - { - "name" : "RHSA-2015:1604", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1604.html" - }, - { - "name" : "SUSE-SU-2015:1319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" - }, - { - "name" : "SUSE-SU-2015:1320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" - }, - { - "name" : "openSUSE-SU-2015:1288", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" - }, - { - "name" : "openSUSE-SU-2015:1289", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" - }, - { - "name" : "USN-2740-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2740-1" - }, - { - "name" : "USN-2696-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2696-1" - }, - { - "name" : "USN-2706-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2706-1" - }, - { - "name" : "75861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75861" - }, - { - "name" : "1032910", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "75861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75861" + }, + { + "name": "RHSA-2015:1229", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html" + }, + { + "name": "1032910", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032910" + }, + { + "name": "USN-2706-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2706-1" + }, + { + "name": "RHSA-2015:1526", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html" + }, + { + "name": "RHSA-2015:1485", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html" + }, + { + "name": "RHSA-2015:1544", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html" + }, + { + "name": "openSUSE-SU-2015:1289", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" + }, + { + "name": "RHSA-2015:1228", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html" + }, + { + "name": "DSA-3316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3316" + }, + { + "name": "USN-2740-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2740-1" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "GLSA-201701-58", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-58" + }, + { + "name": "RHSA-2015:1486", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "USN-2696-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2696-1" + }, + { + "name": "DSA-3339", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3339" + }, + { + "name": "RHSA-2015:1242", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html" + }, + { + "name": "RHSA-2015:1488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html" + }, + { + "name": "SUSE-SU-2015:1319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" + }, + { + "name": "SUSE-SU-2015:1320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" + }, + { + "name": "openSUSE-SU-2015:1288", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" + }, + { + "name": "RHSA-2015:1241", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html" + }, + { + "name": "RHSA-2015:1230", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html" + }, + { + "name": "RHSA-2015:1604", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3038.json b/2016/3xxx/CVE-2016-3038.json index ec01d978304..00722c3ed8d 100644 --- a/2016/3xxx/CVE-2016-3038.json +++ b/2016/3xxx/CVE-2016-3038.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos TM1", - "version" : { - "version_data" : [ - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.2.0.2" - }, - { - "version_value" : "10.2.2" - }, - { - "version_value" : "10.1.1.2" - }, - { - "version_value" : "10.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos TM1", + "version": { + "version_data": [ + { + "version_value": "10.1" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.2.0.2" + }, + { + "version_value": "10.2.2" + }, + { + "version_value": "10.1.1.2" + }, + { + "version_value": "10.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999649", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999649" - }, - { - "name" : "97915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999649", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999649" + }, + { + "name": "97915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97915" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3598.json b/2016/3xxx/CVE-2016-3598.json index 6f23bf241f4..e15c5eca66d 100644 --- a/2016/3xxx/CVE-2016-3598.json +++ b/2016/3xxx/CVE-2016-3598.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160721-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160721-0001/" - }, - { - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "GLSA-201701-43", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-43" - }, - { - "name" : "RHSA-2016:1458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1458" - }, - { - "name" : "RHSA-2016:1475", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1475" - }, - { - "name" : "RHSA-2016:1504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1504.html" - }, - { - "name" : "RHSA-2016:1587", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1587.html" - }, - { - "name" : "RHSA-2016:1588", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1588.html" - }, - { - "name" : "RHSA-2016:1589", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1589.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "SUSE-SU-2016:2261", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:2286", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html" - }, - { - "name" : "SUSE-SU-2016:1997", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" - }, - { - "name" : "SUSE-SU-2016:2012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1979", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:2050", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" - }, - { - "name" : "openSUSE-SU-2016:2051", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" - }, - { - "name" : "openSUSE-SU-2016:2052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:2058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" - }, - { - "name" : "USN-3043-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3043-1" - }, - { - "name" : "USN-3062-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3062-1" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91918" - }, - { - "name" : "1036365", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3043-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3043-1" + }, + { + "name": "SUSE-SU-2016:2261", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "91918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91918" + }, + { + "name": "SUSE-SU-2016:2012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html" + }, + { + "name": "openSUSE-SU-2016:2052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160721-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160721-0001/" + }, + { + "name": "RHSA-2016:1475", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1475" + }, + { + "name": "SUSE-SU-2016:2286", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html" + }, + { + "name": "openSUSE-SU-2016:2051", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html" + }, + { + "name": "RHSA-2016:1587", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html" + }, + { + "name": "1036365", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036365" + }, + { + "name": "GLSA-201701-43", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-43" + }, + { + "name": "RHSA-2016:1589", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html" + }, + { + "name": "USN-3062-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3062-1" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "SUSE-SU-2016:1997", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "RHSA-2016:1458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1458" + }, + { + "name": "openSUSE-SU-2016:2050", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html" + }, + { + "name": "openSUSE-SU-2016:1979", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html" + }, + { + "name": "RHSA-2016:1588", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html" + }, + { + "name": "openSUSE-SU-2016:2058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html" + }, + { + "name": "RHSA-2016:1504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4151.json b/2016/4xxx/CVE-2016-4151.json index 90688642c50..5098d54a712 100644 --- a/2016/4xxx/CVE-2016-4151.json +++ b/2016/4xxx/CVE-2016-4151.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" - }, - { - "name" : "MS16-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" - }, - { - "name" : "RHSA-2016:1238", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1238" - }, - { - "name" : "SUSE-SU-2016:1613", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1621", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" - }, - { - "name" : "1036117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036117" + }, + { + "name": "MS16-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" + }, + { + "name": "openSUSE-SU-2016:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" + }, + { + "name": "RHSA-2016:1238", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1238" + }, + { + "name": "openSUSE-SU-2016:1621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" + }, + { + "name": "SUSE-SU-2016:1613", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4989.json b/2016/4xxx/CVE-2016-4989.json index 332d97a0efc..e0e52a3c67f 100644 --- a/2016/4xxx/CVE-2016-4989.json +++ b/2016/4xxx/CVE-2016-4989.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160621 SELinux troubles", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2016/q2/574" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1346461", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1346461" - }, - { - "name" : "https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f", - "refsource" : "CONFIRM", - "url" : "https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f" - }, - { - "name" : "https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad", - "refsource" : "CONFIRM", - "url" : "https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad" - }, - { - "name" : "RHSA-2016:1267", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2016-1267.html" - }, - { - "name" : "RHSA-2016:1293", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1293" - }, - { - "name" : "1036144", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id/1036144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346461", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346461" + }, + { + "name": "RHSA-2016:1267", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2016-1267.html" + }, + { + "name": "https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad", + "refsource": "CONFIRM", + "url": "https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad" + }, + { + "name": "[oss-security] 20160621 SELinux troubles", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2016/q2/574" + }, + { + "name": "RHSA-2016:1293", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1293" + }, + { + "name": "1036144", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id/1036144" + }, + { + "name": "https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f", + "refsource": "CONFIRM", + "url": "https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8018.json b/2016/8xxx/CVE-2016-8018.json index c1c59054bda..7fba0ddab04 100644 --- a/2016/8xxx/CVE-2016-8018.json +++ b/2016/8xxx/CVE-2016-8018.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VirusScan Enterprise Linux (VSEL)", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 (and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VirusScan Enterprise Linux (VSEL)", + "version": { + "version_data": [ + { + "version_value": "2.0.3 (and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40911/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" - }, - { - "name" : "94823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94823" - }, - { - "name" : "1037433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94823" + }, + { + "name": "1037433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037433" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" + }, + { + "name": "40911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40911/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8051.json b/2016/8xxx/CVE-2016-8051.json index 3bd590c9583..eb0aaa688d9 100644 --- a/2016/8xxx/CVE-2016-8051.json +++ b/2016/8xxx/CVE-2016-8051.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8051", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8051", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8480.json b/2016/8xxx/CVE-2016-8480.json index 3122639d23c..f0d779677be 100644 --- a/2016/8xxx/CVE-2016-8480.json +++ b/2016/8xxx/CVE-2016-8480.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96101" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96101" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8534.json b/2016/8xxx/CVE-2016-8534.json index f6a8f901980..bb3158a598e 100644 --- a/2016/8xxx/CVE-2016-8534.json +++ b/2016/8xxx/CVE-2016-8534.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-02-03T00:00:00", - "ID" : "CVE-2016-8534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Matrix Operating Environment", - "version" : { - "version_data" : [ - { - "version_value" : "v7.6" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege elevation" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-02-03T00:00:00", + "ID": "CVE-2016-8534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Matrix Operating Environment", + "version": { + "version_data": [ + { + "version_value": "v7.6" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8812.json b/2016/8xxx/CVE-2016-8812.json index 8a15321efd4..7c4b336d02e 100644 --- a/2016/8xxx/CVE-2016-8812.json +++ b/2016/8xxx/CVE-2016-8812.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, and GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, and GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, and GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, and GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40660", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40660/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" - }, - { - "name" : "93986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys) allowing a user to cause a stack buffer overflow with specially crafted executable paths, leading to a denial of service or escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93986" + }, + { + "name": "40660", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40660/" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9512.json b/2016/9xxx/CVE-2016-9512.json index 442c383f047..952d55ddbc5 100644 --- a/2016/9xxx/CVE-2016-9512.json +++ b/2016/9xxx/CVE-2016-9512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9512", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9512", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9534.json b/2016/9xxx/CVE-2016-9534.json index 2b77f4d9893..bffaaa702ce 100644 --- a/2016/9xxx/CVE-2016-9534.json +++ b/2016/9xxx/CVE-2016-9534.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka \"TIFFFlushData1 heap-buffer-overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "RHSA-2017:0225", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0225.html" - }, - { - "name" : "94484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94484" - }, - { - "name" : "94743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka \"TIFFFlushData1 heap-buffer-overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94743" + }, + { + "name": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba" + }, + { + "name": "RHSA-2017:0225", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html" + }, + { + "name": "94484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94484" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9726.json b/2016/9xxx/CVE-2016-9726.json index 4ed04c4c27d..1beafb13614 100644 --- a/2016/9xxx/CVE-2016-9726.json +++ b/2016/9xxx/CVE-2016-9726.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IBM Security QRadar SIEM 7.1 MR1, 7.1, 7.0, 7.2, 7.1 MR2, 7, 7.1 MR2, 7.2.3", - "version" : { - "version_data" : [ - { - "version_value" : "IBM Security QRadar SIEM 7.1 MR1, 7.1, 7.0, 7.2, 7.1 MR2, 7, 7.1 MR2, 7.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IBM Security QRadar SIEM 7.1 MR1, 7.1, 7.0, 7.2, 7.1 MR2, 7, 7.1 MR2, 7.2.3", + "version": { + "version_data": [ + { + "version_value": "IBM Security QRadar SIEM 7.1 MR1, 7.1, 7.0, 7.2, 7.1 MR2, 7, 7.1 MR2, 7.2.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999542", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999542", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999542" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9825.json b/2016/9xxx/CVE-2016-9825.json index 50bc6c3079b..6c0aebc2d85 100644 --- a/2016/9xxx/CVE-2016-9825.json +++ b/2016/9xxx/CVE-2016-9825.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" - }, - { - "name" : "94732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94732" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9994.json b/2016/9xxx/CVE-2016-9994.json index c0b2ed1aeca..96d5f1bd9ee 100644 --- a/2016/9xxx/CVE-2016-9994.json +++ b/2016/9xxx/CVE-2016-9994.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LCMS Premier on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.3.0" - }, - { - "version_value" : "9.4.0" - }, - { - "version_value" : "9.5.0" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LCMS Premier on Cloud", + "version": { + "version_data": [ + { + "version_value": "" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.3.0" + }, + { + "version_value": "9.4.0" + }, + { + "version_value": "9.5.0" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21976805", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21976805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21976805", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21976805" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2092.json b/2019/2xxx/CVE-2019-2092.json index dca7cb6748a..94fbfbefdf7 100644 --- a/2019/2xxx/CVE-2019-2092.json +++ b/2019/2xxx/CVE-2019-2092.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2092", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2092", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2517.json b/2019/2xxx/CVE-2019-2517.json index a428cdc2710..41649734d65 100644 --- a/2019/2xxx/CVE-2019-2517.json +++ b/2019/2xxx/CVE-2019-2517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2675.json b/2019/2xxx/CVE-2019-2675.json index 1ed961e9c5e..483d2e3c4ff 100644 --- a/2019/2xxx/CVE-2019-2675.json +++ b/2019/2xxx/CVE-2019-2675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2675", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2675", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6039.json b/2019/6xxx/CVE-2019-6039.json index 6220d1240f0..45c26ea4c88 100644 --- a/2019/6xxx/CVE-2019-6039.json +++ b/2019/6xxx/CVE-2019-6039.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6241.json b/2019/6xxx/CVE-2019-6241.json index 8d54be01ce9..0094af0b151 100644 --- a/2019/6xxx/CVE-2019-6241.json +++ b/2019/6xxx/CVE-2019-6241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6618.json b/2019/6xxx/CVE-2019-6618.json index f38bf52abb1..ba4e70717ad 100644 --- a/2019/6xxx/CVE-2019-6618.json +++ b/2019/6xxx/CVE-2019-6618.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6618", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6618", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6641.json b/2019/6xxx/CVE-2019-6641.json index 7d9c4055ac6..32ac498a097 100644 --- a/2019/6xxx/CVE-2019-6641.json +++ b/2019/6xxx/CVE-2019-6641.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6641", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6641", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6969.json b/2019/6xxx/CVE-2019-6969.json index 824bd62a6e0..c12224c808d 100644 --- a/2019/6xxx/CVE-2019-6969.json +++ b/2019/6xxx/CVE-2019-6969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7171.json b/2019/7xxx/CVE-2019-7171.json index 4878e7f9a44..d00e9d13161 100644 --- a/2019/7xxx/CVE-2019-7171.json +++ b/2019/7xxx/CVE-2019-7171.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/croogo/croogo/issues/887", - "refsource" : "MISC", - "url" : "https://github.com/croogo/croogo/issues/887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/croogo/croogo/issues/887", + "refsource": "MISC", + "url": "https://github.com/croogo/croogo/issues/887" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7415.json b/2019/7xxx/CVE-2019-7415.json index dc3eb92f057..bf106bd9143 100644 --- a/2019/7xxx/CVE-2019-7415.json +++ b/2019/7xxx/CVE-2019-7415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7465.json b/2019/7xxx/CVE-2019-7465.json index 24d4faefc55..f153c49383e 100644 --- a/2019/7xxx/CVE-2019-7465.json +++ b/2019/7xxx/CVE-2019-7465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7733.json b/2019/7xxx/CVE-2019-7733.json index 45807d3fba3..5b5224ceb1b 100644 --- a/2019/7xxx/CVE-2019-7733.json +++ b/2019/7xxx/CVE-2019-7733.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rgaufman/live555/issues/21", - "refsource" : "MISC", - "url" : "https://github.com/rgaufman/live555/issues/21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rgaufman/live555/issues/21", + "refsource": "MISC", + "url": "https://github.com/rgaufman/live555/issues/21" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7975.json b/2019/7xxx/CVE-2019-7975.json index a7eca7ef098..1cedfde0876 100644 --- a/2019/7xxx/CVE-2019-7975.json +++ b/2019/7xxx/CVE-2019-7975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7975", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7975", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file