From bf244bee9679234367134dee6df48b6209d1e5ab Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:46:10 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5010.json | 180 +++++------ 2006/5xxx/CVE-2006-5252.json | 150 +++++----- 2006/5xxx/CVE-2006-5412.json | 160 +++++----- 2006/5xxx/CVE-2006-5859.json | 170 +++++------ 2006/5xxx/CVE-2006-5864.json | 500 +++++++++++++++---------------- 2007/2xxx/CVE-2007-2062.json | 160 +++++----- 2007/2xxx/CVE-2007-2501.json | 180 +++++------ 2007/2xxx/CVE-2007-2548.json | 150 +++++----- 2007/2xxx/CVE-2007-2855.json | 150 +++++----- 2007/2xxx/CVE-2007-2874.json | 150 +++++----- 2007/2xxx/CVE-2007-2969.json | 140 ++++----- 2007/2xxx/CVE-2007-2975.json | 160 +++++----- 2007/3xxx/CVE-2007-3159.json | 160 +++++----- 2007/3xxx/CVE-2007-3520.json | 170 +++++------ 2007/6xxx/CVE-2007-6175.json | 180 +++++------ 2007/6xxx/CVE-2007-6482.json | 190 ++++++------ 2007/6xxx/CVE-2007-6608.json | 200 ++++++------- 2010/0xxx/CVE-2010-0357.json | 200 ++++++------- 2010/0xxx/CVE-2010-0670.json | 130 ++++---- 2010/0xxx/CVE-2010-0850.json | 230 +++++++------- 2010/1xxx/CVE-2010-1444.json | 140 ++++----- 2010/1xxx/CVE-2010-1465.json | 140 ++++----- 2010/1xxx/CVE-2010-1586.json | 140 ++++----- 2010/1xxx/CVE-2010-1807.json | 330 ++++++++++---------- 2010/1xxx/CVE-2010-1984.json | 170 +++++------ 2010/5xxx/CVE-2010-5263.json | 130 ++++---- 2014/0xxx/CVE-2014-0051.json | 34 +-- 2014/0xxx/CVE-2014-0216.json | 140 ++++----- 2014/0xxx/CVE-2014-0626.json | 120 ++++---- 2014/0xxx/CVE-2014-0633.json | 120 ++++---- 2014/0xxx/CVE-2014-0802.json | 130 ++++---- 2014/0xxx/CVE-2014-0995.json | 190 ++++++------ 2014/100xxx/CVE-2014-100034.json | 140 ++++----- 2014/1xxx/CVE-2014-1780.json | 140 ++++----- 2014/4xxx/CVE-2014-4015.json | 34 +-- 2014/4xxx/CVE-2014-4028.json | 34 +-- 2014/5xxx/CVE-2014-5011.json | 34 +-- 2014/5xxx/CVE-2014-5056.json | 34 +-- 2014/5xxx/CVE-2014-5456.json | 150 +++++----- 2014/5xxx/CVE-2014-5831.json | 140 ++++----- 2016/10xxx/CVE-2016-10333.json | 140 ++++----- 2016/10xxx/CVE-2016-10601.json | 122 ++++---- 2016/3xxx/CVE-2016-3536.json | 160 +++++----- 2016/3xxx/CVE-2016-3690.json | 150 +++++----- 2016/3xxx/CVE-2016-3801.json | 120 ++++---- 2016/3xxx/CVE-2016-3827.json | 140 ++++----- 2016/8xxx/CVE-2016-8665.json | 34 +-- 2016/8xxx/CVE-2016-8702.json | 160 +++++----- 2016/8xxx/CVE-2016-8838.json | 34 +-- 2016/9xxx/CVE-2016-9125.json | 150 +++++----- 2016/9xxx/CVE-2016-9134.json | 140 ++++----- 2016/9xxx/CVE-2016-9614.json | 34 +-- 2016/9xxx/CVE-2016-9736.json | 168 +++++------ 2016/9xxx/CVE-2016-9779.json | 34 +-- 2019/2xxx/CVE-2019-2103.json | 34 +-- 2019/2xxx/CVE-2019-2173.json | 34 +-- 2019/2xxx/CVE-2019-2192.json | 34 +-- 2019/2xxx/CVE-2019-2423.json | 148 ++++----- 2019/2xxx/CVE-2019-2801.json | 34 +-- 2019/6xxx/CVE-2019-6129.json | 120 ++++---- 2019/6xxx/CVE-2019-6292.json | 120 ++++---- 2019/6xxx/CVE-2019-6931.json | 34 +-- 62 files changed, 4172 insertions(+), 4172 deletions(-) diff --git a/2006/5xxx/CVE-2006-5010.json b/2006/5xxx/CVE-2006-5010.json index 408ad3a1b7a..8b0757263b3 100644 --- a/2006/5xxx/CVE-2006-5010.json +++ b/2006/5xxx/CVE-2006-5010.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" - }, - { - "name" : "IY88681", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88681" - }, - { - "name" : "ADV-2006-3770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3770" - }, - { - "name" : "ADV-2006-3871", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3871" - }, - { - "name" : "1016965", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016965" - }, - { - "name" : "22213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22213" - }, - { - "name" : "aix-acctctl-command-execution(29163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016965", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016965" + }, + { + "name": "22213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22213" + }, + { + "name": "aix-acctctl-command-execution(29163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29163" + }, + { + "name": "ADV-2006-3871", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3871" + }, + { + "name": "ADV-2006-3770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3770" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/README" + }, + { + "name": "IY88681", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88681" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5252.json b/2006/5xxx/CVE-2006-5252.json index 0ba495ea4cc..fa33fbeb9b6 100644 --- a/2006/5xxx/CVE-2006-5252.json +++ b/2006/5xxx/CVE-2006-5252.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rahim.webd.pl/exploity/Exploits/96.txt", - "refsource" : "MISC", - "url" : "http://www.rahim.webd.pl/exploity/Exploits/96.txt" - }, - { - "name" : "20421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20421" - }, - { - "name" : "29587", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29587" - }, - { - "name" : "22318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rahim.webd.pl/exploity/Exploits/96.txt", + "refsource": "MISC", + "url": "http://www.rahim.webd.pl/exploity/Exploits/96.txt" + }, + { + "name": "22318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22318" + }, + { + "name": "29587", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29587" + }, + { + "name": "20421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20421" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5412.json b/2006/5xxx/CVE-2006-5412.json index 9229a7878af..8d48b3ceba7 100644 --- a/2006/5xxx/CVE-2006-5412.json +++ b/2006/5xxx/CVE-2006-5412.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2588", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2588" - }, - { - "name" : "20596", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20596" - }, - { - "name" : "ADV-2006-4085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4085" - }, - { - "name" : "22466", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22466" - }, - { - "name" : "easynews-admin-code-execution(29656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4085" + }, + { + "name": "easynews-admin-code-execution(29656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29656" + }, + { + "name": "2588", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2588" + }, + { + "name": "22466", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22466" + }, + { + "name": "20596", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20596" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5859.json b/2006/5xxx/CVE-2006-5859.json index 5504576cd06..1f8d95246ab 100644 --- a/2006/5xxx/CVE-2006-5859.json +++ b/2006/5xxx/CVE-2006-5859.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-03.html" - }, - { - "name" : "22544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22544" - }, - { - "name" : "ADV-2007-0592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0592" - }, - { - "name" : "32121", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32121" - }, - { - "name" : "1017644", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017644" - }, - { - "name" : "24115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-03.html" + }, + { + "name": "24115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24115" + }, + { + "name": "32121", + "refsource": "OSVDB", + "url": "http://osvdb.org/32121" + }, + { + "name": "1017644", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017644" + }, + { + "name": "22544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22544" + }, + { + "name": "ADV-2007-0592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0592" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5864.json b/2006/5xxx/CVE-2006-5864.json index 0e89a5c941a..967b8827ec9 100644 --- a/2006/5xxx/CVE-2006-5864.json +++ b/2006/5xxx/CVE-2006-5864.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061109 GNU gv Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451057/100/0/threaded" - }, - { - "name" : "20061112 Re: GNU gv Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451422/100/200/threaded" - }, - { - "name" : "20061128 evince buffer overflow exploit (gv)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452868/100/0/threaded" - }, - { - "name" : "2858", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2858" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-850", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-850" - }, - { - "name" : "DSA-1214", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1214" - }, - { - "name" : "DSA-1243", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1243" - }, - { - "name" : "GLSA-200611-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-20.xml" - }, - { - "name" : "GLSA-200703-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200703-24.xml" - }, - { - "name" : "GLSA-200704-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200704-06.xml" - }, - { - "name" : "MDKSA-2006:214", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:214" - }, - { - "name" : "MDKSA-2006:229", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:229" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "SUSE-SR:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_28_sr.html" - }, - { - "name" : "SUSE-SR:2006:029", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_29_sr.html" - }, - { - "name" : "USN-390-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-390-1" - }, - { - "name" : "USN-390-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-390-2" - }, - { - "name" : "USN-390-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-390-3" - }, - { - "name" : "VU#352825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/352825" - }, - { - "name" : "20978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20978" - }, - { - "name" : "ADV-2006-4424", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4424" - }, - { - "name" : "ADV-2006-4747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4747" - }, - { - "name" : "22787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22787" - }, - { - "name" : "23006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23006" - }, - { - "name" : "23018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23018" - }, - { - "name" : "23118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23118" - }, - { - "name" : "23111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23111" - }, - { - "name" : "23183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23183" - }, - { - "name" : "23266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23266" - }, - { - "name" : "23306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23306" - }, - { - "name" : "23353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23353" - }, - { - "name" : "23335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23335" - }, - { - "name" : "23409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23409" - }, - { - "name" : "23579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23579" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "24787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24787" - }, - { - "name" : "24649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24649" - }, - { - "name" : "gnu-gv-buffer-overflow(30153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30153" - }, - { - "name" : "evince-postscript-bo(30555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnu-gv-buffer-overflow(30153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30153" + }, + { + "name": "DSA-1214", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1214" + }, + { + "name": "23018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23018" + }, + { + "name": "ADV-2006-4424", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4424" + }, + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "2858", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2858" + }, + { + "name": "23353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23353" + }, + { + "name": "23306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23306" + }, + { + "name": "23266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23266" + }, + { + "name": "23579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23579" + }, + { + "name": "24787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24787" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "SUSE-SR:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html" + }, + { + "name": "23409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23409" + }, + { + "name": "GLSA-200704-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200704-06.xml" + }, + { + "name": "GLSA-200703-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200703-24.xml" + }, + { + "name": "USN-390-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-390-2" + }, + { + "name": "23335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23335" + }, + { + "name": "ADV-2006-4747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4747" + }, + { + "name": "VU#352825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/352825" + }, + { + "name": "20061109 GNU gv Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451057/100/0/threaded" + }, + { + "name": "23111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23111" + }, + { + "name": "23183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23183" + }, + { + "name": "DSA-1243", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1243" + }, + { + "name": "20978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20978" + }, + { + "name": "GLSA-200611-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-20.xml" + }, + { + "name": "20061112 Re: GNU gv Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451422/100/200/threaded" + }, + { + "name": "MDKSA-2006:214", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:214" + }, + { + "name": "23006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23006" + }, + { + "name": "22787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22787" + }, + { + "name": "https://issues.rpath.com/browse/RPL-850", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-850" + }, + { + "name": "evince-postscript-bo(30555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30555" + }, + { + "name": "23118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23118" + }, + { + "name": "24649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24649" + }, + { + "name": "SUSE-SR:2006:029", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html" + }, + { + "name": "20061128 evince buffer overflow exploit (gv)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452868/100/0/threaded" + }, + { + "name": "MDKSA-2006:229", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:229" + }, + { + "name": "USN-390-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-390-3" + }, + { + "name": "USN-390-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-390-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2062.json b/2007/2xxx/CVE-2007-2062.json index b002177e79e..006d8c976ed 100644 --- a/2007/2xxx/CVE-2007-2062.json +++ b/2007/2xxx/CVE-2007-2062.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465725/100/0/threaded" - }, - { - "name" : "3727", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3727" - }, - { - "name" : "23475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23475" - }, - { - "name" : "24884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24884" - }, - { - "name" : "vcdgear-seh-bo(33642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23475" + }, + { + "name": "3727", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3727" + }, + { + "name": "vcdgear-seh-bo(33642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33642" + }, + { + "name": "20070414 VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465725/100/0/threaded" + }, + { + "name": "24884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24884" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2501.json b/2007/2xxx/CVE-2007-2501.json index 053fd68cfff..9288e1f3162 100644 --- a/2007/2xxx/CVE-2007-2501.json +++ b/2007/2xxx/CVE-2007-2501.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codepress.sourceforge.net/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://codepress.sourceforge.net/changelog.php" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=505510", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=505510" - }, - { - "name" : "23788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23788" - }, - { - "name" : "ADV-2007-1638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1638" - }, - { - "name" : "36484", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36484" - }, - { - "name" : "25124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25124" - }, - { - "name" : "codepress-codepress-xss(34055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=505510", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=505510" + }, + { + "name": "25124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25124" + }, + { + "name": "36484", + "refsource": "OSVDB", + "url": "http://osvdb.org/36484" + }, + { + "name": "http://codepress.sourceforge.net/changelog.php", + "refsource": "CONFIRM", + "url": "http://codepress.sourceforge.net/changelog.php" + }, + { + "name": "codepress-codepress-xss(34055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34055" + }, + { + "name": "ADV-2007-1638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1638" + }, + { + "name": "23788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23788" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2548.json b/2007/2xxx/CVE-2007-2548.json index 44f4977232d..124e298ab2d 100644 --- a/2007/2xxx/CVE-2007-2548.json +++ b/2007/2xxx/CVE-2007-2548.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to \"Cookie Manipulation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070505 SunShop (v4) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467825/100/0/threaded" - }, - { - "name" : "23856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23856" - }, - { - "name" : "35657", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35657" - }, - { - "name" : "2677", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to \"Cookie Manipulation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2677", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2677" + }, + { + "name": "20070505 SunShop (v4) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467825/100/0/threaded" + }, + { + "name": "23856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23856" + }, + { + "name": "35657", + "refsource": "OSVDB", + "url": "http://osvdb.org/35657" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2855.json b/2007/2xxx/CVE-2007-2855.json index 535ea4472c6..06d2ceced18 100644 --- a/2007/2xxx/CVE-2007-2855.json +++ b/2007/2xxx/CVE-2007-2855.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moaxb.blogspot.com/2007/05/moaxb-22-bonus-dart-ziplite-compression.html", - "refsource" : "MISC", - "url" : "http://moaxb.blogspot.com/2007/05/moaxb-22-bonus-dart-ziplite-compression.html" - }, - { - "name" : "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=25", - "refsource" : "MISC", - "url" : "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=25" - }, - { - "name" : "38110", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38110" - }, - { - "name" : "ziplite-compression-activex-bo(34433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ziplite-compression-activex-bo(34433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34433" + }, + { + "name": "38110", + "refsource": "OSVDB", + "url": "http://osvdb.org/38110" + }, + { + "name": "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=25", + "refsource": "MISC", + "url": "http://shinnai.altervista.org/viewtopic.php?id=42&t_id=25" + }, + { + "name": "http://moaxb.blogspot.com/2007/05/moaxb-22-bonus-dart-ziplite-compression.html", + "refsource": "MISC", + "url": "http://moaxb.blogspot.com/2007/05/moaxb-22-bonus-dart-ziplite-compression.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2874.json b/2007/2xxx/CVE-2007-2874.json index 2001ab3cb97..367db77c64c 100644 --- a/2007/2xxx/CVE-2007-2874.json +++ b/2007/2xxx/CVE-2007-2874.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[fedora-package-announce] 20070604 [SECURITY] Fedora 7 Update: NetworkManager-0.6.5-3.fc7", - "refsource" : "MLIST", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2007-June/msg00032.html" - }, - { - "name" : "FEDORA-2007-0186", - "refsource" : "FEDORA", - "url" : "http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-0186" - }, - { - "name" : "ADV-2007-2053", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2053" - }, - { - "name" : "46833", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46833", + "refsource": "OSVDB", + "url": "http://osvdb.org/46833" + }, + { + "name": "FEDORA-2007-0186", + "refsource": "FEDORA", + "url": "http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-0186" + }, + { + "name": "[fedora-package-announce] 20070604 [SECURITY] Fedora 7 Update: NetworkManager-0.6.5-3.fc7", + "refsource": "MLIST", + "url": "http://www.redhat.com/archives/fedora-package-announce/2007-June/msg00032.html" + }, + { + "name": "ADV-2007-2053", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2053" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2969.json b/2007/2xxx/CVE-2007-2969.json index 6b69b864fba..8030b55fff6 100644 --- a/2007/2xxx/CVE-2007-2969.json +++ b/2007/2xxx/CVE-2007-2969.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4000", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4000" - }, - { - "name" : "24177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24177" - }, - { - "name" : "38812", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24177" + }, + { + "name": "4000", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4000" + }, + { + "name": "38812", + "refsource": "OSVDB", + "url": "http://osvdb.org/38812" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2975.json b/2007/2xxx/CVE-2007-2975.json index 1fd9981e9b8..d5d04dfc493 100644 --- a/2007/2xxx/CVE-2007-2975.json +++ b/2007/2xxx/CVE-2007-2975.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.reucon.com/srt/2007/05/11/openfire_3_3_1_fixes_critical_security_issue.html", - "refsource" : "MISC", - "url" : "http://blogs.reucon.com/srt/2007/05/11/openfire_3_3_1_fixes_critical_security_issue.html" - }, - { - "name" : "http://www.igniterealtime.org/issues/browse/JM-1049", - "refsource" : "CONFIRM", - "url" : "http://www.igniterealtime.org/issues/browse/JM-1049" - }, - { - "name" : "24205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24205" - }, - { - "name" : "36713", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36713" - }, - { - "name" : "25427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25427" + }, + { + "name": "http://www.igniterealtime.org/issues/browse/JM-1049", + "refsource": "CONFIRM", + "url": "http://www.igniterealtime.org/issues/browse/JM-1049" + }, + { + "name": "36713", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36713" + }, + { + "name": "http://blogs.reucon.com/srt/2007/05/11/openfire_3_3_1_fixes_critical_security_issue.html", + "refsource": "MISC", + "url": "http://blogs.reucon.com/srt/2007/05/11/openfire_3_3_1_fixes_critical_security_issue.html" + }, + { + "name": "24205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24205" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3159.json b/2007/3xxx/CVE-2007-3159.json index 7a27de3d02b..59911c5d209 100644 --- a/2007/3xxx/CVE-2007-3159.json +++ b/2007/3xxx/CVE-2007-3159.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4046", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4046" - }, - { - "name" : "24375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24375" - }, - { - "name" : "37185", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37185" - }, - { - "name" : "25528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25528" - }, - { - "name" : "miniweb-contentlength-dos(34774)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4046", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4046" + }, + { + "name": "miniweb-contentlength-dos(34774)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34774" + }, + { + "name": "25528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25528" + }, + { + "name": "37185", + "refsource": "OSVDB", + "url": "http://osvdb.org/37185" + }, + { + "name": "24375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24375" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3520.json b/2007/3xxx/CVE-2007-3520.json index f0902aeed3a..c7eea759a51 100644 --- a/2007/3xxx/CVE-2007-3520.json +++ b/2007/3xxx/CVE-2007-3520.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4134", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4134" - }, - { - "name" : "24723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24723" - }, - { - "name" : "ADV-2007-2406", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2406" - }, - { - "name" : "36355", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36355" - }, - { - "name" : "25901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25901" - }, - { - "name" : "easybe123-process-sql-injection(35196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25901" + }, + { + "name": "24723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24723" + }, + { + "name": "easybe123-process-sql-injection(35196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35196" + }, + { + "name": "ADV-2007-2406", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2406" + }, + { + "name": "4134", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4134" + }, + { + "name": "36355", + "refsource": "OSVDB", + "url": "http://osvdb.org/36355" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6175.json b/2007/6xxx/CVE-2007-6175.json index 9e1282274f5..0caac83b228 100644 --- a/2007/6xxx/CVE-2007-6175.json +++ b/2007/6xxx/CVE-2007-6175.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www7a.biglobe.ne.jp/~schezo/lzh_vul.html", - "refsource" : "CONFIRM", - "url" : "http://www7a.biglobe.ne.jp/~schezo/lzh_vul.html" - }, - { - "name" : "JVN#82610488", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2382610488/index.html" - }, - { - "name" : "26531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26531" - }, - { - "name" : "ADV-2007-3960", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3960" - }, - { - "name" : "40583", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40583" - }, - { - "name" : "27734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27734" - }, - { - "name" : "lhaplus-lzh-bo(38624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#82610488", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2382610488/index.html" + }, + { + "name": "26531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26531" + }, + { + "name": "ADV-2007-3960", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3960" + }, + { + "name": "http://www7a.biglobe.ne.jp/~schezo/lzh_vul.html", + "refsource": "CONFIRM", + "url": "http://www7a.biglobe.ne.jp/~schezo/lzh_vul.html" + }, + { + "name": "27734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27734" + }, + { + "name": "40583", + "refsource": "OSVDB", + "url": "http://osvdb.org/40583" + }, + { + "name": "lhaplus-lzh-bo(38624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38624" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6482.json b/2007/6xxx/CVE-2007-6482.json index 1e590f3b0a2..bb169b80463 100644 --- a/2007/6xxx/CVE-2007-6482.json +++ b/2007/6xxx/CVE-2007-6482.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "103175", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1" - }, - { - "name" : "201227", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201227-1" - }, - { - "name" : "26944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26944" - }, - { - "name" : "ADV-2007-4269", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4269" - }, - { - "name" : "40846", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40846" - }, - { - "name" : "1019118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019118" - }, - { - "name" : "28148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28148" - }, - { - "name" : "sunray-utdevmgrd-dos(39133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26944" + }, + { + "name": "ADV-2007-4269", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4269" + }, + { + "name": "sunray-utdevmgrd-dos(39133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39133" + }, + { + "name": "1019118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019118" + }, + { + "name": "201227", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201227-1" + }, + { + "name": "40846", + "refsource": "OSVDB", + "url": "http://osvdb.org/40846" + }, + { + "name": "28148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28148" + }, + { + "name": "103175", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6608.json b/2007/6xxx/CVE-2007-6608.json index f6e5aadab08..9cdc4a287b0 100644 --- a/2007/6xxx/CVE-2007-6608.json +++ b/2007/6xxx/CVE-2007-6608.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485588/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071" - }, - { - "name" : "27053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27053" - }, - { - "name" : "39869", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39869" - }, - { - "name" : "39870", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39870" - }, - { - "name" : "39871", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39871" - }, - { - "name" : "3502", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3502" - }, - { - "name" : "openbiblio-uid-name-xss(39297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3502", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3502" + }, + { + "name": "20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485588/100/0/threaded" + }, + { + "name": "39869", + "refsource": "OSVDB", + "url": "http://osvdb.org/39869" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071" + }, + { + "name": "27053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27053" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071" + }, + { + "name": "openbiblio-uid-name-xss(39297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39297" + }, + { + "name": "39870", + "refsource": "OSVDB", + "url": "http://osvdb.org/39870" + }, + { + "name": "39871", + "refsource": "OSVDB", + "url": "http://osvdb.org/39871" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0357.json b/2010/0xxx/CVE-2010-0357.json index 40479488a2b..fd47f71e06e 100644 --- a/2010/0xxx/CVE-2010-0357.json +++ b/2010/0xxx/CVE-2010-0357.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM02704", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM02704" - }, - { - "name" : "PM03233", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM03233" - }, - { - "name" : "PM04647", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM04647" - }, - { - "name" : "37825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37825" - }, - { - "name" : "61711", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61711" - }, - { - "name" : "1023463", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023463" - }, - { - "name" : "38174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38174" - }, - { - "name" : "ADV-2010-0149", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0149" - }, - { - "name" : "lotusweb-login-xss(55663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38174" + }, + { + "name": "lotusweb-login-xss(55663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55663" + }, + { + "name": "ADV-2010-0149", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0149" + }, + { + "name": "1023463", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023463" + }, + { + "name": "61711", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61711" + }, + { + "name": "PM04647", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM04647" + }, + { + "name": "PM03233", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM03233" + }, + { + "name": "PM02704", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM02704" + }, + { + "name": "37825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37825" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0670.json b/2010/0xxx/CVE-2010-0670.json index bf30c8aface..470a23b81e3 100644 --- a/2010/0xxx/CVE-2010-0670.json +++ b/2010/0xxx/CVE-2010-0670.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iptechinside.com/labs/news/show/6", - "refsource" : "CONFIRM", - "url" : "http://www.iptechinside.com/labs/news/show/6" - }, - { - "name" : "jquarks-unspecified-path-disclosure(56523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jquarks-unspecified-path-disclosure(56523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56523" + }, + { + "name": "http://www.iptechinside.com/labs/news/show/6", + "refsource": "CONFIRM", + "url": "http://www.iptechinside.com/labs/news/show/6" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0850.json b/2010/0xxx/CVE-2010-0850.json index 2725b7bdabf..74bb6d5826c 100644 --- a/2010/0xxx/CVE-2010-0850.json +++ b/2010/0xxx/CVE-2010-0850.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "SUSE-SR:2010:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" - }, - { - "name" : "39317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39317" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43308" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "39317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39317" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "43308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43308" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "SUSE-SR:2010:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1444.json b/2010/1xxx/CVE-2010-1444.json index 0bfa6f3ae19..fdfd5bbb5f8 100644 --- a/2010/1xxx/CVE-2010-1444.json +++ b/2010/1xxx/CVE-2010-1444.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/04/28/4" - }, - { - "name" : "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=08813ee6f8eb0faf83790bd4247c0a97af75a1cf", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" - }, - { - "name" : "http://www.videolan.org/security/sa1003.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.videolan.org/security/sa1003.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1003.html" + }, + { + "name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=08813ee6f8eb0faf83790bd4247c0a97af75a1cf", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" + }, + { + "name": "[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/04/28/4" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1465.json b/2010/1xxx/CVE-2010-1465.json index efeee99eea5..8695e2ae696 100644 --- a/2010/1xxx/CVE-2010-1465.json +++ b/2010/1xxx/CVE-2010-1465.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12152", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12152" - }, - { - "name" : "39370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39370" - }, - { - "name" : "trellian-pasv-bo(57778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39370" + }, + { + "name": "trellian-pasv-bo(57778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57778" + }, + { + "name": "12152", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12152" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1586.json b/2010/1xxx/CVE-2010-1586.json index a07b1bebb2e..643756e28b3 100644 --- a/2010/1xxx/CVE-2010-1586.json +++ b/2010/1xxx/CVE-2010-1586.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse" - }, - { - "name" : "39676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39676" - }, - { - "name" : "hp-smh-redirecturl-phishing(58107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39676" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse" + }, + { + "name": "hp-smh-redirecturl-phishing(58107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58107" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1807.json b/2010/1xxx/CVE-2010-1807.json index ab633f04c06..b5376a7772c 100644 --- a/2010/1xxx/CVE-2010-1807.json +++ b/2010/1xxx/CVE-2010-1807.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack" - }, - { - "name" : "http://support.apple.com/kb/HT4333", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4333" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "http://trac.webkit.org/changeset/64706", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/64706" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=627703", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=627703" - }, - { - "name" : "APPLE-SA-2010-09-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "43047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43047" - }, - { - "name" : "oval:org.mitre.oval:def:11964", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2010-3046", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3046" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "http://trac.webkit.org/changeset/64706", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/64706" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "ADV-2010-3046", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3046" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "APPLE-SA-2010-09-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627703", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627703" + }, + { + "name": "http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack", + "refsource": "MISC", + "url": "http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack" + }, + { + "name": "oval:org.mitre.oval:def:11964", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964" + }, + { + "name": "43047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43047" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4333", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4333" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1984.json b/2010/1xxx/CVE-2010-1984.json index 4ef746634d3..41e814b3a70 100644 --- a/2010/1xxx/CVE-2010-1984.json +++ b/2010/1xxx/CVE-2010-1984.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/757974", - "refsource" : "MISC", - "url" : "http://drupal.org/node/757974" - }, - { - "name" : "http://drupal.org/node/757980", - "refsource" : "MISC", - "url" : "http://drupal.org/node/757980" - }, - { - "name" : "http://drupal.org/node/758456", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/758456" - }, - { - "name" : "63424", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63424" - }, - { - "name" : "39138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39138" - }, - { - "name" : "taxonomy-breadcrumb-name-xss(57446)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39138" + }, + { + "name": "http://drupal.org/node/757974", + "refsource": "MISC", + "url": "http://drupal.org/node/757974" + }, + { + "name": "http://drupal.org/node/758456", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/758456" + }, + { + "name": "63424", + "refsource": "OSVDB", + "url": "http://osvdb.org/63424" + }, + { + "name": "http://drupal.org/node/757980", + "refsource": "MISC", + "url": "http://drupal.org/node/757980" + }, + { + "name": "taxonomy-breadcrumb-name-xss(57446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57446" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5263.json b/2010/5xxx/CVE-2010-5263.json index 10ab4a162cb..8c163512210 100644 --- a/2010/5xxx/CVE-2010-5263.json +++ b/2010/5xxx/CVE-2010-5263.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .flv file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1009-exploits/sothinkswf-dllhijack.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/sothinkswf-dllhijack.txt" - }, - { - "name" : "41572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 Build 610 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .flv file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1009-exploits/sothinkswf-dllhijack.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/sothinkswf-dllhijack.txt" + }, + { + "name": "41572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41572" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0051.json b/2014/0xxx/CVE-2014-0051.json index e8b09eca460..a4118cac105 100644 --- a/2014/0xxx/CVE-2014-0051.json +++ b/2014/0xxx/CVE-2014-0051.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0051", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0051", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0216.json b/2014/0xxx/CVE-2014-0216.json index 7ec5ad6c9fa..75a61fc5a24 100644 --- a/2014/0xxx/CVE-2014-0216.json +++ b/2014/0xxx/CVE-2014-0216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140519 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=260364", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=260364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=260364", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=260364" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877" + }, + { + "name": "[oss-security] 20140519 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0626.json b/2014/0xxx/CVE-2014-0626.json index d63b496df70..53a2c66af0d 100644 --- a/2014/0xxx/CVE-2014-0626.json +++ b/2014/0xxx/CVE-2014-0626.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0633.json b/2014/0xxx/CVE-2014-0633.json index a44c74679bc..70f3d2e68df 100644 --- a/2014/0xxx/CVE-2014-0633.json +++ b/2014/0xxx/CVE-2014-0633.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0802.json b/2014/0xxx/CVE-2014-0802.json index f96653a961a..ba2001ae632 100644 --- a/2014/0xxx/CVE-2014-0802.json +++ b/2014/0xxx/CVE-2014-0802.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#88313872", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN88313872/index.html" - }, - { - "name" : "JVNDB-2014-000001", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000001", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001" + }, + { + "name": "JVN#88313872", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN88313872/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0995.json b/2014/0xxx/CVE-2014-0995.json index c4e32a401e8..f7dfd1d9e2b 100644 --- a/2014/0xxx/CVE-2014-0995.json +++ b/2014/0xxx/CVE-2014-0995.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533719/100/0/threaded" - }, - { - "name" : "20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/76" - }, - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html" - }, - { - "name" : "http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability" - }, - { - "name" : "https://twitter.com/SAP_Gsupport/status/522750365780160513", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/SAP_Gsupport/status/522750365780160513" - }, - { - "name" : "60950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60950" - }, - { - "name" : "netweaver-trace-pattern-dos(97610)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/SAP_Gsupport/status/522750365780160513", + "refsource": "CONFIRM", + "url": "https://twitter.com/SAP_Gsupport/status/522750365780160513" + }, + { + "name": "60950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60950" + }, + { + "name": "netweaver-trace-pattern-dos(97610)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97610" + }, + { + "name": "http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html" + }, + { + "name": "http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability" + }, + { + "name": "20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533719/100/0/threaded" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": "20141016 [CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/76" + } + ] + } +} \ No newline at end of file diff --git a/2014/100xxx/CVE-2014-100034.json b/2014/100xxx/CVE-2014-100034.json index d78e4e4321c..42dbe06d7ec 100644 --- a/2014/100xxx/CVE-2014-100034.json +++ b/2014/100xxx/CVE-2014-100034.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html" - }, - { - "name" : "57299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57299" - }, - { - "name" : "arcticdesk-interface-xss(91792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "arcticdesk-interface-xss(91792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91792" + }, + { + "name": "http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html", + "refsource": "CONFIRM", + "url": "http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html" + }, + { + "name": "57299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57299" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1780.json b/2014/1xxx/CVE-2014-1780.json index 830f0107b1c..5512c52a37e 100644 --- a/2014/1xxx/CVE-2014-1780.json +++ b/2014/1xxx/CVE-2014-1780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67873" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "67873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67873" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4015.json b/2014/4xxx/CVE-2014-4015.json index 7bd09038880..cfe8ef1b1eb 100644 --- a/2014/4xxx/CVE-2014-4015.json +++ b/2014/4xxx/CVE-2014-4015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4028.json b/2014/4xxx/CVE-2014-4028.json index d1402aa360f..f00812c51ac 100644 --- a/2014/4xxx/CVE-2014-4028.json +++ b/2014/4xxx/CVE-2014-4028.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5011.json b/2014/5xxx/CVE-2014-5011.json index 49f41211ce8..d25956eea2b 100644 --- a/2014/5xxx/CVE-2014-5011.json +++ b/2014/5xxx/CVE-2014-5011.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5056.json b/2014/5xxx/CVE-2014-5056.json index 61522906ebf..3e57c698146 100644 --- a/2014/5xxx/CVE-2014-5056.json +++ b/2014/5xxx/CVE-2014-5056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5456.json b/2014/5xxx/CVE-2014-5456.json index 8f29aa8fa48..13445b3a8aa 100644 --- a/2014/5xxx/CVE-2014-5456.json +++ b/2014/5xxx/CVE-2014-5456.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the \"[Content Type]: Create new content\" permission to inject arbitrary web script or HTML via vectors related to the configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2324681", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2324681" - }, - { - "name" : "https://www.drupal.org/node/2323983", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2323983" - }, - { - "name" : "69346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69346" - }, - { - "name" : "60759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the \"[Content Type]: Create new content\" permission to inject arbitrary web script or HTML via vectors related to the configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69346" + }, + { + "name": "https://www.drupal.org/node/2323983", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2323983" + }, + { + "name": "60759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60759" + }, + { + "name": "https://www.drupal.org/node/2324681", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2324681" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5831.json b/2014/5xxx/CVE-2014-5831.json index 3af944f220a..c4c7cafbf65 100644 --- a/2014/5xxx/CVE-2014-5831.json +++ b/2014/5xxx/CVE-2014-5831.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#744681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/744681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#744681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/744681" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10333.json b/2016/10xxx/CVE-2016-10333.json index 2c67b0dfd6d..bff1a804981 100644 --- a/2016/10xxx/CVE-2016-10333.json +++ b/2016/10xxx/CVE-2016-10333.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2016-10333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2016-10333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98874" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98874" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10601.json b/2016/10xxx/CVE-2016-10601.json index a437406a47d..3df089432a1 100644 --- a/2016/10xxx/CVE-2016-10601.json +++ b/2016/10xxx/CVE-2016-10601.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "webdrvr node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "webdrvr node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/193", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/193", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/193" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3536.json b/2016/3xxx/CVE-2016-3536.json index 4ceaee7c97d..7dd1247eb8b 100644 --- a/2016/3xxx/CVE-2016-3536.json +++ b/2016/3xxx/CVE-2016-3536.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", - "refsource" : "MISC", - "url" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91857" - }, - { - "name" : "1036403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", + "refsource": "MISC", + "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036403" + }, + { + "name": "91857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91857" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3690.json b/2016/3xxx/CVE-2016-3690.json index 90b356cb146..3f73edfe2af 100644 --- a/2016/3xxx/CVE-2016-3690.json +++ b/2016/3xxx/CVE-2016-3690.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/solutions/45530", - "refsource" : "MISC", - "url" : "https://access.redhat.com/solutions/45530" - }, - { - "name" : "https://access.redhat.com/solutions/178393", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/solutions/178393" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327037", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1327037" - }, - { - "name" : "99079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1327037", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327037" + }, + { + "name": "https://access.redhat.com/solutions/45530", + "refsource": "MISC", + "url": "https://access.redhat.com/solutions/45530" + }, + { + "name": "99079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99079" + }, + { + "name": "https://access.redhat.com/solutions/178393", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/solutions/178393" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3801.json b/2016/3xxx/CVE-2016-3801.json index 72f00dd7da7..9ca3b129b3f 100644 --- a/2016/3xxx/CVE-2016-3801.json +++ b/2016/3xxx/CVE-2016-3801.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3827.json b/2016/3xxx/CVE-2016-3827.json index ebf33a5cdd0..3ef57aa46c0 100644 --- a/2016/3xxx/CVE-2016-3827.json +++ b/2016/3xxx/CVE-2016-3827.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5" - }, - { - "name" : "92221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92221" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8665.json b/2016/8xxx/CVE-2016-8665.json index 162d3f2ce8a..ddc5a5d4d0e 100644 --- a/2016/8xxx/CVE-2016-8665.json +++ b/2016/8xxx/CVE-2016-8665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8665", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8665", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8702.json b/2016/8xxx/CVE-2016-8702.json index 94b288920c4..e0676bc5e40 100644 --- a/2016/8xxx/CVE-2016-8702.json +++ b/2016/8xxx/CVE-2016-8702.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8703." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" - }, - { - "name" : "http://potrace.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://potrace.sourceforge.net/ChangeLog" - }, - { - "name" : "93778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8703." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93778" + }, + { + "name": "[oss-security] 20161015 Re: potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" + }, + { + "name": "[oss-security] 20160818 potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11" + }, + { + "name": "http://potrace.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://potrace.sourceforge.net/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8838.json b/2016/8xxx/CVE-2016-8838.json index e97f9926cc1..a3fb4b51ef9 100644 --- a/2016/8xxx/CVE-2016-8838.json +++ b/2016/8xxx/CVE-2016-8838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8838", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8838", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9125.json b/2016/9xxx/CVE-2016-9125.json index 584f21f79d1..1a15eeabc32 100644 --- a/2016/9xxx/CVE-2016-9125.json +++ b/2016/9xxx/CVE-2016-9125.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Revive Adserver All versions before 3.2.3", - "version" : { - "version_data" : [ - { - "version_value" : "Revive Adserver All versions before 3.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Session Fixation (CWE-384)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Revive Adserver All versions before 3.2.3", + "version": { + "version_data": [ + { + "version_value": "Revive Adserver All versions before 3.2.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39", - "refsource" : "MISC", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39" - }, - { - "name" : "https://hackerone.com/reports/93809", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/93809" - }, - { - "name" : "https://hackerone.com/reports/93813", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/93813" - }, - { - "name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/", - "refsource" : "MISC", - "url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session Fixation (CWE-384)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.revive-adserver.com/security/revive-sa-2016-001/", + "refsource": "MISC", + "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/" + }, + { + "name": "https://hackerone.com/reports/93813", + "refsource": "MISC", + "url": "https://hackerone.com/reports/93813" + }, + { + "name": "https://hackerone.com/reports/93809", + "refsource": "MISC", + "url": "https://hackerone.com/reports/93809" + }, + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39", + "refsource": "MISC", + "url": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9134.json b/2016/9xxx/CVE-2016-9134.json index 296f06e805b..3948fa3f203 100644 --- a/2016/9xxx/CVE-2016-9134.json +++ b/2016/9xxx/CVE-2016-9134.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in \"/expPaginator.php\" affecting the order parameter. Impact is Information Disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/45a7a62797e64e8abbae35d4859097c26f1874b1", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/45a7a62797e64e8abbae35d4859097c26f1874b1" - }, - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db" - }, - { - "name" : "94127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in \"/expPaginator.php\" affecting the order parameter. Impact is Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/d5c3c175b60bd26b2b74ec85b8f0d2544db2c8db" + }, + { + "name": "94127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94127" + }, + { + "name": "https://github.com/exponentcms/exponent-cms/commit/45a7a62797e64e8abbae35d4859097c26f1874b1", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/45a7a62797e64e8abbae35d4859097c26f1874b1" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9614.json b/2016/9xxx/CVE-2016-9614.json index 27db78ece68..dce4bcc6c73 100644 --- a/2016/9xxx/CVE-2016-9614.json +++ b/2016/9xxx/CVE-2016-9614.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9614", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9614", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9736.json b/2016/9xxx/CVE-2016-9736.json index 28bc5ee8533..9eb2ce7d02a 100644 --- a/2016/9xxx/CVE-2016-9736.json +++ b/2016/9xxx/CVE-2016-9736.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119780", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119780" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991469", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991469" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21996820", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21996820" - }, - { - "name" : "96076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119780", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119780" + }, + { + "name": "96076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96076" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991469", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991469" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21996820", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21996820" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9779.json b/2016/9xxx/CVE-2016-9779.json index 40248bbea88..d43dc4cad2a 100644 --- a/2016/9xxx/CVE-2016-9779.json +++ b/2016/9xxx/CVE-2016-9779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9779", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9779", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2103.json b/2019/2xxx/CVE-2019-2103.json index 3ae7114392a..85ab7fe168e 100644 --- a/2019/2xxx/CVE-2019-2103.json +++ b/2019/2xxx/CVE-2019-2103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2103", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2103", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2173.json b/2019/2xxx/CVE-2019-2173.json index e1a2add2aca..1fb0899abf5 100644 --- a/2019/2xxx/CVE-2019-2173.json +++ b/2019/2xxx/CVE-2019-2173.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2192.json b/2019/2xxx/CVE-2019-2192.json index 6fc209a818e..31ecaa2d0b9 100644 --- a/2019/2xxx/CVE-2019-2192.json +++ b/2019/2xxx/CVE-2019-2192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2423.json b/2019/2xxx/CVE-2019-2423.json index 92560668e53..72ba98a3da2 100644 --- a/2019/2xxx/CVE-2019-2423.json +++ b/2019/2xxx/CVE-2019-2423.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - }, - { - "version_affected" : "=", - "version_value" : "8.57" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + }, + { + "version_affected": "=", + "version_value": "8.57" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106592" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2801.json b/2019/2xxx/CVE-2019-2801.json index 1d274c91d34..735738b99fc 100644 --- a/2019/2xxx/CVE-2019-2801.json +++ b/2019/2xxx/CVE-2019-2801.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2801", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2801", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6129.json b/2019/6xxx/CVE-2019-6129.json index e0f52c06593..be7d02dd4ba 100644 --- a/2019/6xxx/CVE-2019-6129.json +++ b/2019/6xxx/CVE-2019-6129.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/glennrp/libpng/issues/269", - "refsource" : "MISC", - "url" : "https://github.com/glennrp/libpng/issues/269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/glennrp/libpng/issues/269", + "refsource": "MISC", + "url": "https://github.com/glennrp/libpng/issues/269" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6292.json b/2019/6xxx/CVE-2019-6292.json index 2e574540ee8..cf010aa114c 100644 --- a/2019/6xxx/CVE-2019-6292.json +++ b/2019/6xxx/CVE-2019-6292.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jbeder/yaml-cpp/issues/657", - "refsource" : "MISC", - "url" : "https://github.com/jbeder/yaml-cpp/issues/657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jbeder/yaml-cpp/issues/657", + "refsource": "MISC", + "url": "https://github.com/jbeder/yaml-cpp/issues/657" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6931.json b/2019/6xxx/CVE-2019-6931.json index 89f69e4f188..f6a87cb51dd 100644 --- a/2019/6xxx/CVE-2019-6931.json +++ b/2019/6xxx/CVE-2019-6931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file