From c96a28f9eb387202967a774fc3c7bfc433cad805 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:30:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5078.json | 150 ++++++++-------- 2006/5xxx/CVE-2006-5736.json | 180 +++++++++---------- 2007/2xxx/CVE-2007-2093.json | 180 +++++++++---------- 2007/2xxx/CVE-2007-2303.json | 150 ++++++++-------- 2007/2xxx/CVE-2007-2681.json | 140 +++++++-------- 2007/2xxx/CVE-2007-2759.json | 150 ++++++++-------- 2007/2xxx/CVE-2007-2776.json | 160 ++++++++--------- 2007/3xxx/CVE-2007-3132.json | 210 +++++++++++----------- 2007/3xxx/CVE-2007-3246.json | 160 ++++++++--------- 2007/3xxx/CVE-2007-3288.json | 160 ++++++++--------- 2007/3xxx/CVE-2007-3851.json | 300 +++++++++++++++---------------- 2007/3xxx/CVE-2007-3995.json | 34 ++-- 2007/4xxx/CVE-2007-4969.json | 160 ++++++++--------- 2007/6xxx/CVE-2007-6691.json | 210 +++++++++++----------- 2010/0xxx/CVE-2010-0086.json | 150 ++++++++-------- 2010/0xxx/CVE-2010-0691.json | 140 +++++++-------- 2010/1xxx/CVE-2010-1046.json | 150 ++++++++-------- 2010/1xxx/CVE-2010-1559.json | 140 +++++++-------- 2010/1xxx/CVE-2010-1881.json | 140 +++++++-------- 2010/5xxx/CVE-2010-5072.json | 120 ++++++------- 2010/5xxx/CVE-2010-5210.json | 130 +++++++------- 2014/0xxx/CVE-2014-0413.json | 120 ++++++------- 2014/0xxx/CVE-2014-0654.json | 180 +++++++++---------- 2014/0xxx/CVE-2014-0739.json | 130 +++++++------- 2014/100xxx/CVE-2014-100010.json | 160 ++++++++--------- 2014/1xxx/CVE-2014-1279.json | 120 ++++++------- 2014/1xxx/CVE-2014-1618.json | 190 ++++++++++---------- 2014/5xxx/CVE-2014-5594.json | 140 +++++++-------- 2014/5xxx/CVE-2014-5980.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2408.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2566.json | 150 ++++++++-------- 2015/2xxx/CVE-2015-2697.json | 220 +++++++++++------------ 2016/10xxx/CVE-2016-10205.json | 140 +++++++-------- 2016/10xxx/CVE-2016-10222.json | 130 +++++++------- 2016/10xxx/CVE-2016-10562.json | 122 ++++++------- 2016/3xxx/CVE-2016-3622.json | 160 ++++++++--------- 2016/4xxx/CVE-2016-4536.json | 140 +++++++-------- 2016/4xxx/CVE-2016-4858.json | 180 +++++++++---------- 2016/8xxx/CVE-2016-8264.json | 34 ++-- 2016/8xxx/CVE-2016-8802.json | 130 +++++++------- 2016/8xxx/CVE-2016-8807.json | 150 ++++++++-------- 2016/8xxx/CVE-2016-8872.json | 34 ++-- 2016/9xxx/CVE-2016-9067.json | 162 ++++++++--------- 2016/9xxx/CVE-2016-9133.json | 34 ++-- 2016/9xxx/CVE-2016-9245.json | 140 +++++++-------- 2016/9xxx/CVE-2016-9379.json | 170 +++++++++--------- 2019/2xxx/CVE-2019-2391.json | 34 ++-- 2019/2xxx/CVE-2019-2418.json | 148 +++++++-------- 2019/2xxx/CVE-2019-2483.json | 34 ++-- 2019/2xxx/CVE-2019-2956.json | 34 ++-- 2019/6xxx/CVE-2019-6015.json | 34 ++-- 2019/6xxx/CVE-2019-6210.json | 228 +++++++++++------------ 2019/6xxx/CVE-2019-6332.json | 34 ++-- 2019/6xxx/CVE-2019-6987.json | 34 ++-- 2019/7xxx/CVE-2019-7449.json | 34 ++-- 2019/7xxx/CVE-2019-7543.json | 120 ++++++------- 2019/7xxx/CVE-2019-7965.json | 34 ++-- 57 files changed, 3749 insertions(+), 3749 deletions(-) diff --git a/2006/5xxx/CVE-2006-5078.json b/2006/5xxx/CVE-2006-5078.json index de61750d86f..ec4802bd30d 100644 --- a/2006/5xxx/CVE-2006-5078.json +++ b/2006/5xxx/CVE-2006-5078.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=620481", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=620481" - }, - { - "name" : "2427", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2427" - }, - { - "name" : "20183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20183" - }, - { - "name" : "polaring-general-file-include(29138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "polaring-general-file-include(29138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29138" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=620481", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=620481" + }, + { + "name": "20183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20183" + }, + { + "name": "2427", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2427" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5736.json b/2006/5xxx/CVE-2006-5736.json index 5c2e7c2ee7e..80bd8098e43 100644 --- a/2006/5xxx/CVE-2006-5736.json +++ b/2006/5xxx/CVE-2006-5736.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061030 Punbb <= 1.2.13 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/450055/100/0/threaded" - }, - { - "name" : "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities" - }, - { - "name" : "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt", - "refsource" : "CONFIRM", - "url" : "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt" - }, - { - "name" : "ADV-2006-4256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4256" - }, - { - "name" : "30133", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30133" - }, - { - "name" : "1017131", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017131" - }, - { - "name" : "1824", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017131", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017131" + }, + { + "name": "1824", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1824" + }, + { + "name": "20061030 Punbb <= 1.2.13 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded" + }, + { + "name": "ADV-2006-4256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4256" + }, + { + "name": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities" + }, + { + "name": "30133", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30133" + }, + { + "name": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt", + "refsource": "CONFIRM", + "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2093.json b/2007/2xxx/CVE-2007-2093.json index 59a3f9fe78d..a1b8e129443 100644 --- a/2007/2xxx/CVE-2007-2093.json +++ b/2007/2xxx/CVE-2007-2093.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070415 LS simple guestbook - arbitrary code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465864/100/0/threaded" - }, - { - "name" : "3735", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3735" - }, - { - "name" : "23503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23503" - }, - { - "name" : "ADV-2007-1393", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1393" - }, - { - "name" : "24904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24904" - }, - { - "name" : "2590", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2590" - }, - { - "name" : "lsguestbook-index-code-execution(33666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23503" + }, + { + "name": "3735", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3735" + }, + { + "name": "ADV-2007-1393", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1393" + }, + { + "name": "2590", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2590" + }, + { + "name": "24904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24904" + }, + { + "name": "lsguestbook-index-code-execution(33666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33666" + }, + { + "name": "20070415 LS simple guestbook - arbitrary code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465864/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2303.json b/2007/2xxx/CVE-2007-2303.json index b38fcc21b9a..07d583c321b 100644 --- a/2007/2xxx/CVE-2007-2303.json +++ b/2007/2xxx/CVE-2007-2303.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3742", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3742" - }, - { - "name" : "ADV-2007-1395", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1395" - }, - { - "name" : "34997", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34997" - }, - { - "name" : "24896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34997", + "refsource": "OSVDB", + "url": "http://osvdb.org/34997" + }, + { + "name": "24896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24896" + }, + { + "name": "3742", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3742" + }, + { + "name": "ADV-2007-1395", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1395" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2681.json b/2007/2xxx/CVE-2007-2681.json index 4a42524eb54..aad99e85961 100644 --- a/2007/2xxx/CVE-2007-2681.json +++ b/2007/2xxx/CVE-2007-2681.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 B2evolution 1.6 RFi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465733/100/0/threaded" - }, - { - "name" : "2697", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2697" - }, - { - "name" : "b2evolution-index-file-include(33687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "b2evolution-index-file-include(33687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33687" + }, + { + "name": "2697", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2697" + }, + { + "name": "20070414 B2evolution 1.6 RFi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465733/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2759.json b/2007/2xxx/CVE-2007-2759.json index d8c56b31f46..f19fe6c2e0d 100644 --- a/2007/2xxx/CVE-2007-2759.json +++ b/2007/2xxx/CVE-2007-2759.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adempiere.com/wiki/index.php/Release_316", - "refsource" : "CONFIRM", - "url" : "http://www.adempiere.com/wiki/index.php/Release_316" - }, - { - "name" : "ADV-2007-1842", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1842" - }, - { - "name" : "37956", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37956" - }, - { - "name" : "adempiere-insert-sql-injection(34325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adempiere.com/wiki/index.php/Release_316", + "refsource": "CONFIRM", + "url": "http://www.adempiere.com/wiki/index.php/Release_316" + }, + { + "name": "37956", + "refsource": "OSVDB", + "url": "http://osvdb.org/37956" + }, + { + "name": "adempiere-insert-sql-injection(34325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34325" + }, + { + "name": "ADV-2007-1842", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1842" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2776.json b/2007/2xxx/CVE-2007-2776.json index 51dc224c324..8ab5473a0bc 100644 --- a/2007/2xxx/CVE-2007-2776.json +++ b/2007/2xxx/CVE-2007-2776.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3958" - }, - { - "name" : "http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack", - "refsource" : "MISC", - "url" : "http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack" - }, - { - "name" : "24068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24068" - }, - { - "name" : "40422", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40422" - }, - { - "name" : "alstrasoft-template-changeinfo-unauth-access(34396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24068" + }, + { + "name": "40422", + "refsource": "OSVDB", + "url": "http://osvdb.org/40422" + }, + { + "name": "alstrasoft-template-changeinfo-unauth-access(34396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34396" + }, + { + "name": "3958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3958" + }, + { + "name": "http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack", + "refsource": "MISC", + "url": "http://itablackhawk.altervista.org/exploit/alsoft_exploit_pack" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3132.json b/2007/3xxx/CVE-2007-3132.json index 5ad5f36951d..00b63ed191d 100644 --- a/2007/3xxx/CVE-2007-3132.json +++ b/2007/3xxx/CVE-2007-3132.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070605 Symantec Ghost Multiple Denial of Service Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540" - }, - { - "name" : "20070606 iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470644/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html" - }, - { - "name" : "24323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24323" - }, - { - "name" : "ADV-2007-2075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2075" - }, - { - "name" : "36106", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36106" - }, - { - "name" : "1018200", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018200" - }, - { - "name" : "25539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25539" - }, - { - "name" : "2805", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2805" - }, - { - "name" : "symantec-ghost-udp-dos(34745)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symantec-ghost-udp-dos(34745)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34745" + }, + { + "name": "24323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24323" + }, + { + "name": "20070605 Symantec Ghost Multiple Denial of Service Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540" + }, + { + "name": "20070606 iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470644/100/0/threaded" + }, + { + "name": "1018200", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018200" + }, + { + "name": "ADV-2007-2075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2075" + }, + { + "name": "2805", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2805" + }, + { + "name": "25539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25539" + }, + { + "name": "36106", + "refsource": "OSVDB", + "url": "http://osvdb.org/36106" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05b.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3246.json b/2007/3xxx/CVE-2007-3246.json index 17e61209556..12e6a1b608a 100644 --- a/2007/3xxx/CVE-2007-3246.json +++ b/2007/3xxx/CVE-2007-3246.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[IRCServices] 20070324 Regarding Founder Passwords", - "refsource" : "MLIST", - "url" : "http://lists.ircservices.za.net/pipermail/ircservices/2007/005228.html" - }, - { - "name" : "[IRCServices] 20070324 Services 5.0.60 released", - "refsource" : "MLIST", - "url" : "http://lists.ircservices.za.net/pipermail/ircservices/2007/005229.html" - }, - { - "name" : "http://www.ircservices.za.net/Changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.ircservices.za.net/Changes.txt" - }, - { - "name" : "41691", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41691" - }, - { - "name" : "ircservices-doset-privilege-escalation(34945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[IRCServices] 20070324 Services 5.0.60 released", + "refsource": "MLIST", + "url": "http://lists.ircservices.za.net/pipermail/ircservices/2007/005229.html" + }, + { + "name": "[IRCServices] 20070324 Regarding Founder Passwords", + "refsource": "MLIST", + "url": "http://lists.ircservices.za.net/pipermail/ircservices/2007/005228.html" + }, + { + "name": "http://www.ircservices.za.net/Changes.txt", + "refsource": "CONFIRM", + "url": "http://www.ircservices.za.net/Changes.txt" + }, + { + "name": "ircservices-doset-privilege-escalation(34945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34945" + }, + { + "name": "41691", + "refsource": "OSVDB", + "url": "http://osvdb.org/41691" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3288.json b/2007/3xxx/CVE-2007-3288.json index d1f3cc0ef96..738516a34db 100644 --- a/2007/3xxx/CVE-2007-3288.json +++ b/2007/3xxx/CVE-2007-3288.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070619 Persistent cross-site scripting in wordpress.com dashboard", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471734/100/0/threaded" - }, - { - "name" : "24551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24551" - }, - { - "name" : "38472", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38472" - }, - { - "name" : "2826", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2826" - }, - { - "name" : "automatticstats-wordpress-header-xss(34934)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24551" + }, + { + "name": "automatticstats-wordpress-header-xss(34934)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34934" + }, + { + "name": "2826", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2826" + }, + { + "name": "38472", + "refsource": "OSVDB", + "url": "http://osvdb.org/38472" + }, + { + "name": "20070619 Persistent cross-site scripting in wordpress.com dashboard", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471734/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3851.json b/2007/3xxx/CVE-2007-3851.json index 9ae954ac455..51798a6990e 100644 --- a/2007/3xxx/CVE-2007-3851.json +++ b/2007/3xxx/CVE-2007-3851.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1620", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1620" - }, - { - "name" : "DSA-1356", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1356" - }, - { - "name" : "MDVSA-2008:105", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" - }, - { - "name" : "RHSA-2007:0705", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0705.html" - }, - { - "name" : "SUSE-SA:2007:051", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_51_kernel.html" - }, - { - "name" : "SUSE-SA:2007:053", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_53_kernel.html" - }, - { - "name" : "USN-510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-510-1" - }, - { - "name" : "USN-509-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-509-1" - }, - { - "name" : "25263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25263" - }, - { - "name" : "oval:org.mitre.oval:def:11196", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196" - }, - { - "name" : "ADV-2007-2854", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2854" - }, - { - "name" : "26389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26389" - }, - { - "name" : "26500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26500" - }, - { - "name" : "26450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26450" - }, - { - "name" : "26643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26643" - }, - { - "name" : "26760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26760" - }, - { - "name" : "26664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26664" - }, - { - "name" : "27227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25263" + }, + { + "name": "26389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26389" + }, + { + "name": "27227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27227" + }, + { + "name": "26664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26664" + }, + { + "name": "26643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26643" + }, + { + "name": "SUSE-SA:2007:051", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html" + }, + { + "name": "SUSE-SA:2007:053", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1620", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1620" + }, + { + "name": "USN-510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-510-1" + }, + { + "name": "DSA-1356", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1356" + }, + { + "name": "USN-509-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-509-1" + }, + { + "name": "oval:org.mitre.oval:def:11196", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196" + }, + { + "name": "26760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26760" + }, + { + "name": "RHSA-2007:0705", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html" + }, + { + "name": "MDVSA-2008:105", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" + }, + { + "name": "ADV-2007-2854", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2854" + }, + { + "name": "26500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26500" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2" + }, + { + "name": "26450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26450" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3995.json b/2007/3xxx/CVE-2007-3995.json index 634edba0720..3281f258b3e 100644 --- a/2007/3xxx/CVE-2007-3995.json +++ b/2007/3xxx/CVE-2007-3995.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3995", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3995", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4969.json b/2007/4xxx/CVE-2007-4969.json index 22e7a821693..1b4fdbb51b1 100644 --- a/2007/4xxx/CVE-2007-4969.json +++ b/2007/4xxx/CVE-2007-4969.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070918 Plague in (security) software drivers & BSDOhook utility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/479830/100/0/threaded" - }, - { - "name" : "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php" - }, - { - "name" : "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php" - }, - { - "name" : "25719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25719" - }, - { - "name" : "45953", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25719" + }, + { + "name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php" + }, + { + "name": "45953", + "refsource": "OSVDB", + "url": "http://osvdb.org/45953" + }, + { + "name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php", + "refsource": "MISC", + "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php" + }, + { + "name": "20070918 Plague in (security) software drivers & BSDOhook utility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6691.json b/2007/6xxx/CVE-2007-6691.json index e6255152d8b..d8126721aec 100644 --- a/2007/6xxx/CVE-2007-6691.json +++ b/2007/6xxx/CVE-2007-6691.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) \"hotlink protection\" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified \"item information disclosure attacks\" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.4_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.4_released" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=203217", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=203217" - }, - { - "name" : "GLSA-200802-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-04.xml" - }, - { - "name" : "41662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41662" - }, - { - "name" : "41663", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41663" - }, - { - "name" : "41664", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41664" - }, - { - "name" : "41665", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41665" - }, - { - "name" : "41666", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41666" - }, - { - "name" : "41667", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41667" - }, - { - "name" : "28898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) \"hotlink protection\" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified \"item information disclosure attacks\" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41664", + "refsource": "OSVDB", + "url": "http://osvdb.org/41664" + }, + { + "name": "http://gallery.menalto.com/gallery_2.2.4_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.4_released" + }, + { + "name": "GLSA-200802-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-04.xml" + }, + { + "name": "41662", + "refsource": "OSVDB", + "url": "http://osvdb.org/41662" + }, + { + "name": "41665", + "refsource": "OSVDB", + "url": "http://osvdb.org/41665" + }, + { + "name": "41667", + "refsource": "OSVDB", + "url": "http://osvdb.org/41667" + }, + { + "name": "41666", + "refsource": "OSVDB", + "url": "http://osvdb.org/41666" + }, + { + "name": "28898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28898" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=203217", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=203217" + }, + { + "name": "41663", + "refsource": "OSVDB", + "url": "http://osvdb.org/41663" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0086.json b/2010/0xxx/CVE-2010-0086.json index 525c6d1a80e..0976de2781c 100644 --- a/2010/0xxx/CVE-2010-0086.json +++ b/2010/0xxx/CVE-2010-0086.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" - }, - { - "name" : "TA10-103B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" - }, - { - "name" : "1023869", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023869" - }, - { - "name" : "39439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-103B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html" + }, + { + "name": "1023869", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023869" + }, + { + "name": "39439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39439" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0691.json b/2010/0xxx/CVE-2010-0691.json index 06eca2cc6f7..0535f83437f 100644 --- a/2010/0xxx/CVE-2010-0691.json +++ b/2010/0xxx/CVE-2010-0691.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11445", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11445" - }, - { - "name" : "62329", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62329" - }, - { - "name" : "38588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11445", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11445" + }, + { + "name": "62329", + "refsource": "OSVDB", + "url": "http://osvdb.org/62329" + }, + { + "name": "38588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38588" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1046.json b/2010/1xxx/CVE-2010-1046.json index 925865fd2e0..b18fc4efff9 100644 --- a/2010/1xxx/CVE-2010-1046.json +++ b/2010/1xxx/CVE-2010-1046.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11356", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11356" - }, - { - "name" : "62162", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62162" - }, - { - "name" : "38440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38440" - }, - { - "name" : "ADV-2010-0318", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62162", + "refsource": "OSVDB", + "url": "http://osvdb.org/62162" + }, + { + "name": "38440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38440" + }, + { + "name": "ADV-2010-0318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0318" + }, + { + "name": "11356", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11356" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1559.json b/2010/1xxx/CVE-2010-1559.json index 7efbb7e3d96..4ed665235e2 100644 --- a/2010/1xxx/CVE-2010-1559.json +++ b/2010/1xxx/CVE-2010-1559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219" - }, - { - "name" : "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549" - }, - { - "name" : "39385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549" + }, + { + "name": "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219" + }, + { + "name": "39385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39385" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1881.json b/2010/1xxx/CVE-2010-1881.json index 8032b52c89c..38dc67e70a8 100644 --- a/2010/1xxx/CVE-2010-1881.json +++ b/2010/1xxx/CVE-2010-1881.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka \"ACCWIZ.dll Uninitialized Variable Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044" - }, - { - "name" : "TA10-194A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-194A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11756", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka \"ACCWIZ.dll Uninitialized Variable Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-044" + }, + { + "name": "TA10-194A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html" + }, + { + "name": "oval:org.mitre.oval:def:11756", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11756" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5072.json b/2010/5xxx/CVE-2010-5072.json index ad9229ab674..4797a7b1a89 100644 --- a/2010/5xxx/CVE-2010-5072.json +++ b/2010/5xxx/CVE-2010-5072.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://w2spconf.com/2010/papers/p26.pdf", - "refsource" : "MISC", - "url" : "http://w2spconf.com/2010/papers/p26.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://w2spconf.com/2010/papers/p26.pdf", + "refsource": "MISC", + "url": "http://w2spconf.com/2010/papers/p26.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5210.json b/2010/5xxx/CVE-2010-5210.json index ad0e81153ad..907877fd1ad 100644 --- a/2010/5xxx/CVE-2010-5210.json +++ b/2010/5xxx/CVE-2010-5210.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[sorax_pdf_reader]_2.0_insecure_dll_hijacking", - "refsource" : "MISC", - "url" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[sorax_pdf_reader]_2.0_insecure_dll_hijacking" - }, - { - "name" : "41411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[sorax_pdf_reader]_2.0_insecure_dll_hijacking", + "refsource": "MISC", + "url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[sorax_pdf_reader]_2.0_insecure_dll_hijacking" + }, + { + "name": "41411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41411" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0413.json b/2014/0xxx/CVE-2014-0413.json index 0fed394a62e..c9a27386d12 100644 --- a/2014/0xxx/CVE-2014-0413.json +++ b/2014/0xxx/CVE-2014-0413.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0654.json b/2014/0xxx/CVE-2014-0654.json index f7e363794dd..5eda3fa7a28 100644 --- a/2014/0xxx/CVE-2014-0654.json +++ b/2014/0xxx/CVE-2014-0654.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32366", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32366" - }, - { - "name" : "20140107 Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0654" - }, - { - "name" : "64709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64709" - }, - { - "name" : "101802", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101802" - }, - { - "name" : "1029574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029574" - }, - { - "name" : "56365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56365" - }, - { - "name" : "cisco-cda-cve20140654-sec-bypass(90168)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029574" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32366", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32366" + }, + { + "name": "64709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64709" + }, + { + "name": "56365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56365" + }, + { + "name": "20140107 Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0654" + }, + { + "name": "101802", + "refsource": "OSVDB", + "url": "http://osvdb.org/101802" + }, + { + "name": "cisco-cda-cve20140654-sec-bypass(90168)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90168" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0739.json b/2014/0xxx/CVE-2014-0739.json index 8382f681d01..f52f0c25e1c 100644 --- a/2014/0xxx/CVE-2014-0739.json +++ b/2014/0xxx/CVE-2014-0739.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32955", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32955" - }, - { - "name" : "20140220 Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140220 Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32955", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32955" + } + ] + } +} \ No newline at end of file diff --git a/2014/100xxx/CVE-2014-100010.json b/2014/100xxx/CVE-2014-100010.json index 60dba6eeb88..c1ce325ddf8 100644 --- a/2014/100xxx/CVE-2014-100010.json +++ b/2014/100xxx/CVE-2014-100010.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140307 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531373/100/0/threaded" - }, - { - "name" : "20140310 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/73" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs127", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs127" - }, - { - "name" : "66058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66058" - }, - { - "name" : "57306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140310 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/73" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs127", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs127" + }, + { + "name": "57306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57306" + }, + { + "name": "20140307 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531373/100/0/threaded" + }, + { + "name": "66058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66058" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1279.json b/2014/1xxx/CVE-2014-1279.json index 5016380075d..0f2b29c26cd 100644 --- a/2014/1xxx/CVE-2014-1279.json +++ b/2014/1xxx/CVE-2014-1279.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6163" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1618.json b/2014/1xxx/CVE-2014-1618.json index b0e3297ae7e..c5115d05f0e 100644 --- a/2014/1xxx/CVE-2014-1618.json +++ b/2014/1xxx/CVE-2014-1618.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt" - }, - { - "name" : "http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty", - "refsource" : "MISC", - "url" : "http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty" - }, - { - "name" : "64734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64734" - }, - { - "name" : "101859", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101859" - }, - { - "name" : "101899", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101899" - }, - { - "name" : "101900", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101900" - }, - { - "name" : "56351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56351" - }, - { - "name" : "uaepd-multiple-sql-injection(90214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty", + "refsource": "MISC", + "url": "http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty" + }, + { + "name": "101899", + "refsource": "OSVDB", + "url": "http://osvdb.org/101899" + }, + { + "name": "http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt" + }, + { + "name": "uaepd-multiple-sql-injection(90214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90214" + }, + { + "name": "64734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64734" + }, + { + "name": "101859", + "refsource": "OSVDB", + "url": "http://osvdb.org/101859" + }, + { + "name": "56351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56351" + }, + { + "name": "101900", + "refsource": "OSVDB", + "url": "http://osvdb.org/101900" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5594.json b/2014/5xxx/CVE-2014-5594.json index 88947010eaf..688f44acd97 100644 --- a/2014/5xxx/CVE-2014-5594.json +++ b/2014/5xxx/CVE-2014-5594.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#184209", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/184209" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#184209", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/184209" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5980.json b/2014/5xxx/CVE-2014-5980.json index e1ed2a988a7..3f8a0d5df00 100644 --- a/2014/5xxx/CVE-2014-5980.json +++ b/2014/5xxx/CVE-2014-5980.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Genertel (aka com.genertel) application 2.6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#286729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/286729" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Genertel (aka com.genertel) application 2.6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#286729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/286729" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2408.json b/2015/2xxx/CVE-2015-2408.json index 1fefddd0a74..54c107b613f 100644 --- a/2015/2xxx/CVE-2015-2408.json +++ b/2015/2xxx/CVE-2015-2408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1767 and CVE-2015-2401." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-458", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-458" - }, - { - "name" : "MS15-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" - }, - { - "name" : "1032894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1767 and CVE-2015-2401." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032894" + }, + { + "name": "MS15-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-458", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-458" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2566.json b/2015/2xxx/CVE-2015-2566.json index 3ffb8e58a8d..d19cdbd42a0 100644 --- a/2015/2xxx/CVE-2015-2566.json +++ b/2015/2xxx/CVE-2015-2566.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "GLSA-201507-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-19" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "1032121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201507-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-19" + }, + { + "name": "1032121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032121" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2697.json b/2015/2xxx/CVE-2015-2697.json index b86de2af9bf..755d5195f6e 100644 --- a/2015/2xxx/CVE-2015-2697.json +++ b/2015/2xxx/CVE-2015-2697.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252" - }, - { - "name" : "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3395", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3395" - }, - { - "name" : "GLSA-201611-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-14" - }, - { - "name" : "SUSE-SU-2015:1897", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:1928", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1997", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html" - }, - { - "name" : "USN-2810-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2810-1" - }, - { - "name" : "77581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77581" - }, - { - "name" : "1034084", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789" + }, + { + "name": "77581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77581" + }, + { + "name": "SUSE-SU-2015:1897", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html" + }, + { + "name": "GLSA-201611-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-14" + }, + { + "name": "1034084", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034084" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2015:1997", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html" + }, + { + "name": "openSUSE-SU-2015:1928", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252" + }, + { + "name": "DSA-3395", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3395" + }, + { + "name": "USN-2810-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2810-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10205.json b/2016/10xxx/CVE-2016-10205.json index 0d8e5da3881..32f87ddb83b 100644 --- a/2016/10xxx/CVE-2016-10205.json +++ b/2016/10xxx/CVE-2016-10205.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170204 Re: [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/05/1" - }, - { - "name" : "https://www.foxmole.com/advisories/foxmole-2016-07-05.txt", - "refsource" : "MISC", - "url" : "https://www.foxmole.com/advisories/foxmole-2016-07-05.txt" - }, - { - "name" : "97116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170204 Re: [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/05/1" + }, + { + "name": "97116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97116" + }, + { + "name": "https://www.foxmole.com/advisories/foxmole-2016-07-05.txt", + "refsource": "MISC", + "url": "https://www.foxmole.com/advisories/foxmole-2016-07-05.txt" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10222.json b/2016/10xxx/CVE-2016-10222.json index 18e9c35b1c9..d99ffd194c6 100644 --- a/2016/10xxx/CVE-2016-10222.json +++ b/2016/10xxx/CVE-2016-10222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a \"type confusion\" in the JSON.stringify function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.webkit.org/changeset/208123", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/208123" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=164123", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=164123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a \"type confusion\" in the JSON.stringify function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.webkit.org/changeset/208123", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/208123" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=164123", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=164123" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10562.json b/2016/10xxx/CVE-2016-10562.json index ac0d3b66d00..bbb2cf550cd 100644 --- a/2016/10xxx/CVE-2016-10562.json +++ b/2016/10xxx/CVE-2016-10562.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iedriver node module", - "version" : { - "version_data" : [ - { - "version_value" : "<3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iedriver node module", + "version": { + "version_data": [ + { + "version_value": "<3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/174", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/174", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/174" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3622.json b/2016/3xxx/CVE-2016-3622.json index 7f23a5eb71c..153eda953c1 100644 --- a/2016/3xxx/CVE-2016-3622.json +++ b/2016/3xxx/CVE-2016-3622.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160407 CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/07/4" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "85917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85917" - }, - { - "name" : "1035508", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035508", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035508" + }, + { + "name": "85917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85917" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "[oss-security] 20160407 CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/07/4" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4536.json b/2016/4xxx/CVE-2016-4536.json index cf140f39236..90c0cb4b53f 100644 --- a/2016/4xxx/CVE-2016-4536.json +++ b/2016/4xxx/CVE-2016-4536.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-4536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", - "refsource" : "MLIST", - "url" : "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html" - }, - { - "name" : "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17", - "refsource" : "CONFIRM", - "url" : "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17" - }, - { - "name" : "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt", + "refsource": "CONFIRM", + "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt" + }, + { + "name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17", + "refsource": "CONFIRM", + "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17" + }, + { + "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", + "refsource": "MLIST", + "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4858.json b/2016/4xxx/CVE-2016-4858.json index 19eaafa2793..e0171ab3065 100644 --- a/2016/4xxx/CVE-2016-4858.json +++ b/2016/4xxx/CVE-2016-4858.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-4858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Splunk Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "6.4.x prior to 6.4.2" - }, - { - "version_value" : "6.3.x prior to 6.3.6" - }, - { - "version_value" : "6.2.x prior to 6.2.10" - }, - { - "version_value" : "6.1.x prior to 6.1.11" - }, - { - "version_value" : "6.0.x prior to 6.0.12" - }, - { - "version_value" : "5.0.x prior to 5.0.16" - } - ] - } - }, - { - "product_name" : "Splunk Light", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 6.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Splunk Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_value": "6.4.x prior to 6.4.2" + }, + { + "version_value": "6.3.x prior to 6.3.6" + }, + { + "version_value": "6.2.x prior to 6.2.10" + }, + { + "version_value": "6.1.x prior to 6.1.11" + }, + { + "version_value": "6.0.x prior to 6.0.12" + }, + { + "version_value": "5.0.x prior to 5.0.16" + } + ] + } + }, + { + "product_name": "Splunk Light", + "version": { + "version_data": [ + { + "version_value": "prior to 6.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Splunk Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.splunk.com/view/SP-CAAAPN9", - "refsource" : "CONFIRM", - "url" : "https://www.splunk.com/view/SP-CAAAPN9" - }, - { - "name" : "JVN#71462075", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN71462075/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.splunk.com/view/SP-CAAAPN9", + "refsource": "CONFIRM", + "url": "https://www.splunk.com/view/SP-CAAAPN9" + }, + { + "name": "JVN#71462075", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN71462075/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8264.json b/2016/8xxx/CVE-2016-8264.json index c50d1f0c228..1cf4f507894 100644 --- a/2016/8xxx/CVE-2016-8264.json +++ b/2016/8xxx/CVE-2016-8264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8264", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8264", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8802.json b/2016/8xxx/CVE-2016-8802.json index 79a35278204..1014bf5c166 100644 --- a/2016/8xxx/CVE-2016-8802.json +++ b/2016/8xxx/CVE-2016-8802.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,", - "version" : { - "version_data" : [ - { - "version_value" : "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200," - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,", + "version": { + "version_data": [ + { + "version_value": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200," + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en" - }, - { - "name" : "94538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en" + }, + { + "name": "94538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94538" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8807.json b/2016/8xxx/CVE-2016-8807.json index 8edfb790d22..e9bc61344f8 100644 --- a/2016/8xxx/CVE-2016-8807.json +++ b/2016/8xxx/CVE-2016-8807.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2016-8807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quadro, NVS, and GeForce (all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Quadro, NVS, and GeForce (all versions)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2016-8807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quadro, NVS, and GeForce (all versions)", + "version": { + "version_data": [ + { + "version_value": "Quadro, NVS, and GeForce (all versions)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40668", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40668/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" - }, - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-10822", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-10822" - }, - { - "name" : "94002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-10822", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-10822" + }, + { + "name": "40668", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40668/" + }, + { + "name": "94002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94002" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8872.json b/2016/8xxx/CVE-2016-8872.json index 33a03f3f94d..87b75e498c1 100644 --- a/2016/8xxx/CVE-2016-8872.json +++ b/2016/8xxx/CVE-2016-8872.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8872", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8872", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9067.json b/2016/9xxx/CVE-2016-9067.json index a186de387c2..af576bac8fb 100644 --- a/2016/9xxx/CVE-2016-9067.json +++ b/2016/9xxx/CVE-2016-9067.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap-use-after-free in nsINode::ReplaceOrInsertBefore" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1301777", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1301777" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-use-after-free in nsINode::ReplaceOrInsertBefore" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301777", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301777" + }, + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9133.json b/2016/9xxx/CVE-2016-9133.json index b577f259b36..be628e1221c 100644 --- a/2016/9xxx/CVE-2016-9133.json +++ b/2016/9xxx/CVE-2016-9133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9245.json b/2016/9xxx/CVE-2016-9245.json index e282182a9c9..7b9fcf9fe2a 100644 --- a/2016/9xxx/CVE-2016-9245.json +++ b/2016/9xxx/CVE-2016-9245.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-9245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.0 - 12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"Normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-9245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", + "version": { + "version_data": [ + { + "version_value": "12.1.0 - 12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K22216037", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K22216037" - }, - { - "name" : "96471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96471" - }, - { - "name" : "1037964", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"Normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K22216037", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K22216037" + }, + { + "name": "1037964", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037964" + }, + { + "name": "96471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96471" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9379.json b/2016/9xxx/CVE-2016-9379.json index f20adb25bd3..9608a3dad0b 100644 --- a/2016/9xxx/CVE-2016-9379.json +++ b/2016/9xxx/CVE-2016-9379.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-198.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-198.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/xsa198.patch", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/xsa198.patch" - }, - { - "name" : "https://support.citrix.com/article/CTX218775", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX218775" - }, - { - "name" : "GLSA-201612-56", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-56" - }, - { - "name" : "94473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94473" - }, - { - "name" : "1037347", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/xsa198.patch", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/xsa198.patch" + }, + { + "name": "94473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94473" + }, + { + "name": "GLSA-201612-56", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-56" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-198.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-198.html" + }, + { + "name": "1037347", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037347" + }, + { + "name": "https://support.citrix.com/article/CTX218775", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX218775" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2391.json b/2019/2xxx/CVE-2019-2391.json index d374baabf5d..ffd03203b04 100644 --- a/2019/2xxx/CVE-2019-2391.json +++ b/2019/2xxx/CVE-2019-2391.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2418.json b/2019/2xxx/CVE-2019-2418.json index 456ffdef23d..c600d51f630 100644 --- a/2019/2xxx/CVE-2019-2418.json +++ b/2019/2xxx/CVE-2019-2418.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebLogic Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.3.6.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.3.6.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106617" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2483.json b/2019/2xxx/CVE-2019-2483.json index 29e5242a3f7..64cef7339cc 100644 --- a/2019/2xxx/CVE-2019-2483.json +++ b/2019/2xxx/CVE-2019-2483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2956.json b/2019/2xxx/CVE-2019-2956.json index bb0e4ccfb43..8906978f73a 100644 --- a/2019/2xxx/CVE-2019-2956.json +++ b/2019/2xxx/CVE-2019-2956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6015.json b/2019/6xxx/CVE-2019-6015.json index 65ebffb7c30..27751029fad 100644 --- a/2019/6xxx/CVE-2019-6015.json +++ b/2019/6xxx/CVE-2019-6015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6210.json b/2019/6xxx/CVE-2019-6210.json index 9951abe67ba..777d0f4d7a8 100644 --- a/2019/6xxx/CVE-2019-6210.json +++ b/2019/6xxx/CVE-2019-6210.json @@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2019-6210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iOS 12.1.3" - } - ] - } - }, - { - "product_name" : "macOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "macOS Mojave 10.14.3" - } - ] - } - }, - { - "product_name" : "tvOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "tvOS 12.1.2" - } - ] - } - }, - { - "product_name" : "watchOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "watchOS 5.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apple" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A malicious application may be able to execute arbitrary code with kernel privileges" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2019-6210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 12.1.3" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Mojave 10.14.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 12.1.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 5.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Apple" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT209443", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209443" - }, - { - "name" : "https://support.apple.com/HT209446", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209446" - }, - { - "name" : "https://support.apple.com/HT209447", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209447" - }, - { - "name" : "https://support.apple.com/HT209448", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209448" - }, - { - "name" : "106739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A malicious application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT209446", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209446" + }, + { + "name": "https://support.apple.com/HT209443", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209443" + }, + { + "name": "https://support.apple.com/HT209448", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209448" + }, + { + "name": "106739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106739" + }, + { + "name": "https://support.apple.com/HT209447", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209447" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6332.json b/2019/6xxx/CVE-2019-6332.json index bb962caec56..50a8f327b2c 100644 --- a/2019/6xxx/CVE-2019-6332.json +++ b/2019/6xxx/CVE-2019-6332.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6332", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6332", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6987.json b/2019/6xxx/CVE-2019-6987.json index 5629db15318..d9e15a0ef32 100644 --- a/2019/6xxx/CVE-2019-6987.json +++ b/2019/6xxx/CVE-2019-6987.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7449.json b/2019/7xxx/CVE-2019-7449.json index 846e9b706cb..b87245dc8a3 100644 --- a/2019/7xxx/CVE-2019-7449.json +++ b/2019/7xxx/CVE-2019-7449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7543.json b/2019/7xxx/CVE-2019-7543.json index 29fa2cc1b4a..6ecabea4694 100644 --- a/2019/7xxx/CVE-2019-7543.json +++ b/2019/7xxx/CVE-2019-7543.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor", - "refsource" : "MISC", - "url" : "https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor", + "refsource": "MISC", + "url": "https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7965.json b/2019/7xxx/CVE-2019-7965.json index f316a541454..0c3d4a91a24 100644 --- a/2019/7xxx/CVE-2019-7965.json +++ b/2019/7xxx/CVE-2019-7965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7965", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7965", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file