From d3c6f33add422337f1f24f411ccd7883355f6293 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:33:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/5xxx/CVE-2006-5045.json | 170 ++++++++++----------
2006/5xxx/CVE-2006-5156.json | 250 ++++++++++++++---------------
2006/5xxx/CVE-2006-5612.json | 170 ++++++++++----------
2007/2xxx/CVE-2007-2033.json | 180 ++++++++++-----------
2007/2xxx/CVE-2007-2255.json | 170 ++++++++++----------
2007/2xxx/CVE-2007-2736.json | 150 +++++++++---------
2007/2xxx/CVE-2007-2769.json | 180 ++++++++++-----------
2007/2xxx/CVE-2007-2919.json | 170 ++++++++++----------
2007/3xxx/CVE-2007-3214.json | 170 ++++++++++----------
2007/3xxx/CVE-2007-3745.json | 180 ++++++++++-----------
2007/3xxx/CVE-2007-3911.json | 190 +++++++++++-----------
2007/6xxx/CVE-2007-6196.json | 170 ++++++++++----------
2007/6xxx/CVE-2007-6337.json | 280 ++++++++++++++++-----------------
2007/6xxx/CVE-2007-6748.json | 34 ++--
2010/0xxx/CVE-2010-0475.json | 150 +++++++++---------
2010/0xxx/CVE-2010-0502.json | 130 +++++++--------
2010/0xxx/CVE-2010-0605.json | 160 +++++++++----------
2010/1xxx/CVE-2010-1126.json | 160 +++++++++----------
2010/1xxx/CVE-2010-1545.json | 34 ++--
2014/0xxx/CVE-2014-0404.json | 190 +++++++++++-----------
2014/0xxx/CVE-2014-0568.json | 160 +++++++++----------
2014/1xxx/CVE-2014-1250.json | 130 +++++++--------
2014/1xxx/CVE-2014-1472.json | 170 ++++++++++----------
2014/4xxx/CVE-2014-4326.json | 140 ++++++++---------
2014/4xxx/CVE-2014-4757.json | 140 ++++++++---------
2014/5xxx/CVE-2014-5022.json | 130 +++++++--------
2014/5xxx/CVE-2014-5231.json | 130 +++++++--------
2014/5xxx/CVE-2014-5261.json | 190 +++++++++++-----------
2014/5xxx/CVE-2014-5894.json | 140 ++++++++---------
2015/2xxx/CVE-2015-2700.json | 34 ++--
2015/2xxx/CVE-2015-2873.json | 140 ++++++++---------
2016/10xxx/CVE-2016-10395.json | 170 ++++++++++----------
2016/3xxx/CVE-2016-3059.json | 130 +++++++--------
2016/3xxx/CVE-2016-3474.json | 150 +++++++++---------
2016/4xxx/CVE-2016-4496.json | 170 ++++++++++----------
2016/8xxx/CVE-2016-8020.json | 150 +++++++++---------
2016/8xxx/CVE-2016-8314.json | 152 +++++++++---------
2016/8xxx/CVE-2016-8358.json | 130 +++++++--------
2016/8xxx/CVE-2016-8970.json | 34 ++--
2016/9xxx/CVE-2016-9013.json | 180 ++++++++++-----------
2016/9xxx/CVE-2016-9282.json | 140 ++++++++---------
2016/9xxx/CVE-2016-9393.json | 180 ++++++++++-----------
2016/9xxx/CVE-2016-9589.json | 242 ++++++++++++++--------------
2019/2xxx/CVE-2019-2146.json | 34 ++--
2019/2xxx/CVE-2019-2156.json | 34 ++--
2019/2xxx/CVE-2019-2533.json | 132 ++++++++--------
2019/2xxx/CVE-2019-2579.json | 34 ++--
2019/6xxx/CVE-2019-6026.json | 34 ++--
2019/6xxx/CVE-2019-6598.json | 128 +++++++--------
2019/6xxx/CVE-2019-6720.json | 34 ++--
2019/7xxx/CVE-2019-7067.json | 34 ++--
51 files changed, 3542 insertions(+), 3542 deletions(-)
diff --git a/2006/5xxx/CVE-2006-5045.json b/2006/5xxx/CVE-2006-5045.json
index de052a33985..4cad387729c 100644
--- a/2006/5xxx/CVE-2006-5045.json
+++ b/2006/5xxx/CVE-2006-5045.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.joomla.org/index.php/topic,77975.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,77975.0.html" - }, - { - "name" : "http://forum.joomla.org/index.php/topic,79477.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.joomla.org/index.php/topic,79477.0.html" - }, - { - "name" : "19037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19037" - }, - { - "name" : "ADV-2006-2843", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2843" - }, - { - "name" : "21068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21068" - }, - { - "name" : 
"pollxt-pollxt-file-include(27779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19037" + }, + { + "name": "http://forum.joomla.org/index.php/topic,77975.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,77975.0.html" + }, + { + "name": "http://forum.joomla.org/index.php/topic,79477.0.html", + "refsource": "CONFIRM", + "url": "http://forum.joomla.org/index.php/topic,79477.0.html" + }, + { + "name": "ADV-2006-2843", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2843" + }, + { + "name": "pollxt-pollxt-file-include(27779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27779" + }, + { + "name": "21068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21068" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5156.json b/2006/5xxx/CVE-2006-5156.json index b012c230040..65d28ebcba1 100644 --- a/2006/5xxx/CVE-2006-5156.json +++ b/2006/5xxx/CVE-2006-5156.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061002 McAfee EPO Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html" - }, - { - "name" : "http://www.remote-exploit.org/advisories/mcafee-epo.pdf", - "refsource" : "MISC", - "url" : "http://www.remote-exploit.org/advisories/mcafee-epo.pdf" - }, - { - "name" : "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt", - "refsource" : "CONFIRM", - "url" : "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt" - }, - { - "name" : "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt", - "refsource" : "CONFIRM", - "url" : 
"http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt" - }, - { - "name" : "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803", - "refsource" : "CONFIRM", - "url" : "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803" - }, - { - "name" : "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html" - }, - { - "name" : "VU#842452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/842452" - }, - { - "name" : "20288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20288" - }, - { - "name" : "ADV-2006-3861", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3861" - }, - { - "name" : "29421", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29421" - }, - { - "name" : "1016970", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016970" - }, - { - "name" : "1016971", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016971" - }, - { - "name" : "22222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22222" - }, - { - "name" : "epolicy-source-header-bo(29307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf", + "refsource": "MISC", + "url": "http://www.remote-exploit.org/advisories/mcafee-epo.pdf" + }, + { + "name": "1016970", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016970" + }, + { + "name": "1016971", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016971" + }, + { + "name": "epolicy-source-header-bo(29307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29307" + }, + { + "name": "20288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20288" + }, + { + "name": "29421", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29421" + }, + { + "name": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt", + "refsource": "CONFIRM", + "url": "http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt" + }, + { + "name": "ADV-2006-3861", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3861" + }, + { + "name": "20061002 McAfee EPO Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html" + }, + { + "name": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html" + }, + { + "name": "22222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22222" + }, + { + "name": "http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803", + "refsource": "CONFIRM", + "url": 
"http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803" + }, + { + "name": "VU#842452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/842452" + }, + { + "name": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt", + "refsource": "CONFIRM", + "url": "http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5612.json b/2006/5xxx/CVE-2006-5612.json index e884c457f62..56a4ec1ea68 100644 --- a/2006/5xxx/CVE-2006-5612.json +++ b/2006/5xxx/CVE-2006-5612.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061026 GestArt <= vbeta 1 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449887/100/0/threaded" - }, - { - "name" : "3467", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3467" - }, - { - "name" : "20750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20750" - }, - { - "name" : "ADV-2007-0943", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0943" - }, - { - "name" : "1795", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1795" - }, - { - "name" : "gestart-aide-file-include(29853)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1795", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1795" + }, + { + "name": "20061026 GestArt <= vbeta 1 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449887/100/0/threaded" + }, + { + "name": "gestart-aide-file-include(29853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29853" + }, + { + "name": "ADV-2007-0943", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0943" + }, + { + "name": "3467", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3467" + }, + { + "name": "20750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20750" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2033.json b/2007/2xxx/CVE-2007-2033.json index 173e5ec7df4..06ca7c78477 100644 --- a/2007/2xxx/CVE-2007-2033.json +++ b/2007/2xxx/CVE-2007-2033.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml" - }, - { - "name" : "23460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23460" - }, - { - "name" : "ADV-2007-1367", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1367" - }, - { - "name" : "34129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34129" - }, - { - "name" : "1017907", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017907" - }, - { - "name" : "24865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24865" 
- }, - { - "name" : "cisco-wcs-account-privilege-escalation(33612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070412 Multiple Vulnerabilities in the Cisco Wireless Control System", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml" + }, + { + "name": "ADV-2007-1367", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1367" + }, + { + "name": "1017907", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017907" + }, + { + "name": "cisco-wcs-account-privilege-escalation(33612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33612" + }, + { + "name": "23460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23460" + }, + { + "name": "24865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24865" + }, + { + "name": "34129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34129" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2255.json b/2007/2xxx/CVE-2007-2255.json index 400e173c987..ad41aa8ccdb 100644 --- a/2007/2xxx/CVE-2007-2255.json +++ b/2007/2xxx/CVE-2007-2255.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070417 Remot File Include download_engine_V1.4.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465984/100/100/threaded" - }, - { - "name" : "35398", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35398" - }, - { - "name" : "35399", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35399" - }, - { - "name" : "35400", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35400" - }, - { - "name" : "2619", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/2619" - }, - { - "name" : "downloadengine-multiple-file-include(33723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "downloadengine-multiple-file-include(33723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33723" + }, + { + "name": "35400", + "refsource": "OSVDB", + "url": "http://osvdb.org/35400" + }, + { + "name": "35399", + "refsource": "OSVDB", + "url": "http://osvdb.org/35399" + }, + { + "name": "20070417 Remot File Include download_engine_V1.4.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465984/100/100/threaded" + }, + { + "name": "2619", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2619" + }, + { + "name": "35398", + "refsource": "OSVDB", + "url": "http://osvdb.org/35398" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2736.json b/2007/2xxx/CVE-2007-2736.json index eb8bd3de194..2d951ebd01c 100644 --- a/2007/2xxx/CVE-2007-2736.json +++ b/2007/2xxx/CVE-2007-2736.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3928", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3928" - }, - { - "name" : "23992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23992" - }, - { - "name" : "37919", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37919" - }, - { - "name" : "achievo-index-file-include(34305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot 
parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3928", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3928" + }, + { + "name": "achievo-index-file-include(34305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" + }, + { + "name": "37919", + "refsource": "OSVDB", + "url": "http://osvdb.org/37919" + }, + { + "name": "23992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23992" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2769.json b/2007/2xxx/CVE-2007-2769.json index a471c867f70..e4c2bcff553 100644 --- a/2007/2xxx/CVE-2007-2769.json +++ b/2007/2xxx/CVE-2007-2769.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opendap.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.opendap.org/security.html" - }, - { - "name" : "VU#659148", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/659148" - }, - { - "name" : "24055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24055" - }, - { - "name" : "ADV-2007-1887", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1887" - }, - { - "name" : "35487", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35487" - }, - { - "name" : "25319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25319" - }, - { - "name" : 
"opendap-beshyrax-compressed-code-execution(34408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opendap-beshyrax-compressed-code-execution(34408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34408" + }, + { + "name": "ADV-2007-1887", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1887" + }, + { + "name": "VU#659148", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/659148" + }, + { + "name": "http://www.opendap.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.opendap.org/security.html" + }, + { + "name": "25319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25319" + }, + { + "name": "35487", + "refsource": "OSVDB", + "url": "http://osvdb.org/35487" + }, + { + "name": "24055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24055" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2919.json b/2007/2xxx/CVE-2007-2919.json index 6396f4cbe86..c087405b1fe 100644 --- a/2007/2xxx/CVE-2007-2919.json +++ b/2007/2xxx/CVE-2007-2919.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-2919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#449089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449089" - }, - { - "name" : "24328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24328" - }, - { - "name" : "37042", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37042" - }, - { - "name" : "ADV-2007-2081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2081" - }, - { - "name" : "25568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25568" - }, - { - "name" : "flipviewer-fviewerloading-bo(34742)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25568" + }, + { + "name": "24328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24328" + }, + { + "name": "ADV-2007-2081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2081" + }, + { + "name": "flipviewer-fviewerloading-bo(34742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34742" + }, + { + "name": "37042", + "refsource": "OSVDB", + "url": "http://osvdb.org/37042" + }, + { + "name": "VU#449089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449089" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3214.json b/2007/3xxx/CVE-2007-3214.json index bddf31d7b0d..ffec1a1fcae 100644 --- a/2007/3xxx/CVE-2007-3214.json +++ b/2007/3xxx/CVE-2007-3214.json 
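Review bot: `ASSIGNER` changes from `cve@mitre.org` to `cert@cert.org` near the top of this hunk, and it is the only value in the record that changes. The rest is key spacing and a reordering of the six references. The commit subject "-Synchronized-Data." does not mention it, and the CVE-2010-0502 hunk later in the patch makes the same kind of change to `product-security@apple.com`. ASSIGNER appears to identify who assigned the CVE ID, so these reassignments would be easier to audit in a commit of their own, or at least listed in the message, e.g. `CVE-2007-2919: ASSIGNER cve@mitre.org -> cert@cert.org`.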
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4054", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4054" - }, - { - "name" : "24398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24398" - }, - { - "name" : "ADV-2007-2123", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2123" - }, - { - "name" : "36607", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36607" - }, - { - "name" : "25605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25605" - }, - { - "name" : "evisioncms-style-sql-injection(34793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24398" + }, + { + "name": "4054", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4054" + }, + { + "name": "36607", + "refsource": "OSVDB", + "url": "http://osvdb.org/36607" + }, + { + "name": "ADV-2007-2123", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2123" + }, + { + "name": "evisioncms-style-sql-injection(34793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34793" + }, + { + "name": "25605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25605" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3745.json b/2007/3xxx/CVE-2007-3745.json index 0862ada1072..6f190625dee 100644 --- a/2007/3xxx/CVE-2007-3745.json +++ b/2007/3xxx/CVE-2007-3745.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "1018492", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018492" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/26235" - }, - { - "name" : "macos-coreaudio-code-execution(35725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "macos-coreaudio-code-execution(35725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35725" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "1018492", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018492" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3911.json b/2007/3xxx/CVE-2007-3911.json index 786ae80f332..86f56112e84 100644 --- a/2007/3xxx/CVE-2007-3911.json +++ b/2007/3xxx/CVE-2007-3911.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070725 ZDI-07-044: BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474626/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-044.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-044.html" - }, - { - "name" : "25068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25068" - }, - { - "name" : "ADV-2007-2658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2658" - }, - { - "name" : "1018460", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id?1018460" - }, - { - "name" : "26222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26222" - }, - { - "name" : "2954", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2954" - }, - { - "name" : "netvaultreport-scheduler-bo(35588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018460", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018460" + }, + { + "name": "26222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26222" + }, + { + "name": "20070725 ZDI-07-044: BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474626/100/0/threaded" + }, + { + "name": "ADV-2007-2658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2658" + }, + { + "name": "netvaultreport-scheduler-bo(35588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35588" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-044.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-044.html" + }, + { + "name": "25068", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/25068" + }, + { + "name": "2954", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2954" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6196.json b/2007/6xxx/CVE-2007-6196.json index ac87a99b7df..f42341cd239 100644 --- a/2007/6xxx/CVE-2007-6196.json +++ b/2007/6xxx/CVE-2007-6196.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://terra.calacode.com/mail/docs/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://terra.calacode.com/mail/docs/changelog.html" - }, - { - "name" : "26635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26635" - }, - { - "name" : "38911", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38911" - }, - { - "name" : "1019013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019013" - }, - { - "name" : "27837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27837" - }, - { - "name" : "atmail-func-xss(38758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://terra.calacode.com/mail/docs/changelog.html", + "refsource": "CONFIRM", + "url": "http://terra.calacode.com/mail/docs/changelog.html" + }, + { + "name": "38911", + "refsource": "OSVDB", + "url": "http://osvdb.org/38911" + }, + { + "name": "1019013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019013" + }, + { + "name": "27837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27837" + }, + { + "name": "26635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26635" + }, + { + "name": "atmail-func-xss(38758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38758" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6337.json b/2007/6xxx/CVE-2007-6337.json index 9011b89541e..b9dade809c8 100644 --- a/2007/6xxx/CVE-2007-6337.json +++ b/2007/6xxx/CVE-2007-6337.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "FEDORA-2008-0115", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html" - }, - { - "name" : "FEDORA-2008-0170", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html" - }, - { - "name" : "GLSA-200712-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-20.xml" - }, - { - "name" : 
"MDVSA-2008:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003" - }, - { - "name" : "SUSE-SR:2008:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" - }, - { - "name" : "27063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27063" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "42293", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42293" - }, - { - "name" : "1019149", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019149" - }, - { - "name" : "28278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28278" - }, - { - "name" : "28153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28153" - }, - { - "name" : "28421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28421" - }, - { - "name" : "28412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28412" - }, - { - "name" : "28587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28587" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003" + }, + { + "name": "28412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28412" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "FEDORA-2008-0170", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html" + }, + { + "name": "27063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27063" + }, + { + "name": "42293", + "refsource": "OSVDB", + "url": "http://osvdb.org/42293" + }, + { + "name": "28421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28421" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "FEDORA-2008-0115", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html" + }, + { + "name": "28587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28587" + }, + { + "name": "28153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28153" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "GLSA-200712-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-20.xml" + }, + { + "name": "1019149", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019149" + 
}, + { + "name": "28278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28278" + }, + { + "name": "SUSE-SR:2008:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6748.json b/2007/6xxx/CVE-2007-6748.json index c36c7baa3d4..ac58fefec8d 100644 --- a/2007/6xxx/CVE-2007-6748.json +++ b/2007/6xxx/CVE-2007-6748.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0475.json b/2010/0xxx/CVE-2010-0475.json index 4069b70cdbe..33c3c0316db 100644 --- a/2010/0xxx/CVE-2010-0475.json +++ b/2010/0xxx/CVE-2010-0475.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html" - }, - { - "name" : "http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page=", - "refsource" : "MISC", - "url" : "http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page=" - }, - { - "name" : "40113", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40113" - }, - { - "name" : "paloalto-edituser-xss(58624)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40113", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40113" + }, + { + "name": "http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page=", + "refsource": "MISC", + "url": "http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page=" + }, + { + "name": "paloalto-edituser-xss(58624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58624" + }, + { + "name": "20100512 Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0502.json b/2010/0xxx/CVE-2010-0502.json index c98c5826ccc..83c1cfdbccb 100644 --- a/2010/0xxx/CVE-2010-0502.json +++ b/2010/0xxx/CVE-2010-0502.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0605.json b/2010/0xxx/CVE-2010-0605.json index b60305cbccc..8085b3bdefa 100644 --- a/2010/0xxx/CVE-2010-0605.json +++ b/2010/0xxx/CVE-2010-0605.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-0605",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-0605",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
- },
- {
- "name" : "11380",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/11380"
- },
- {
- "name" : "http://osticket.com/forums/project.php?issueid=176",
- "refsource" : "CONFIRM",
- "url" : "http://osticket.com/forums/project.php?issueid=176"
- },
- {
- "name" : "38166",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/38166"
- },
- {
- "name" : "38515",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/38515"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "11380",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/11380"
+ },
+ {
+ "name": "38166",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/38166"
+ },
+ {
+ "name": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
+ },
+ {
+ "name": "http://osticket.com/forums/project.php?issueid=176",
+ "refsource": "CONFIRM",
+ "url": "http://osticket.com/forums/project.php?issueid=176"
+ },
+ {
+ "name": "38515",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/38515"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/1xxx/CVE-2010-1126.json b/2010/1xxx/CVE-2010-1126.json
index 5a868b888c1..4011e6fb29d 100644
--- a/2010/1xxx/CVE-2010-1126.json
+++ b/2010/1xxx/CVE-2010-1126.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-1126",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-1126",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20100313 ...because you can't get enough of clickjacking",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/510070/100/0/threaded"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=552255",
- "refsource" : "MISC",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=552255"
- },
- {
- "name" : "SUSE-SR:2011:002",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
- },
- {
- "name" : "43068",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43068"
- },
- {
- "name" : "ADV-2011-0212",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0212"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "43068",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43068"
+ },
+ {
+ "name": "ADV-2011-0212",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0212"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=552255",
+ "refsource": "MISC",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=552255"
+ },
+ {
+ "name": "SUSE-SR:2011:002",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
+ },
+ {
+ "name": "20100313 ...because you can't get enough of clickjacking",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/510070/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/1xxx/CVE-2010-1545.json b/2010/1xxx/CVE-2010-1545.json
index 915f5c661c6..c63876c0c65 100644
--- a/2010/1xxx/CVE-2010-1545.json
+++ b/2010/1xxx/CVE-2010-1545.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-1545",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-1545",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/0xxx/CVE-2014-0404.json b/2014/0xxx/CVE-2014-0404.json
index 39d2e28f59b..65f5bdb5f1e 100644
--- a/2014/0xxx/CVE-2014-0404.json
+++ b/2014/0xxx/CVE-2014-0404.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-0404",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2014-0404",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
- },
- {
- "name" : "DSA-2878",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-2878"
- },
- {
- "name" : "64758",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/64758"
- },
- {
- "name" : "64911",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/64911"
- },
- {
- "name" : "102061",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/102061"
- },
- {
- "name" : "1029610",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1029610"
- },
- {
- "name" : "56490",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/56490"
- },
- {
- "name" : "oracle-cpujan2014-cve20140404(90372)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90372"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "56490",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/56490"
+ },
+ {
+ "name": "DSA-2878",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-2878"
+ },
+ {
+ "name": "64911",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/64911"
+ },
+ {
+ "name": "oracle-cpujan2014-cve20140404(90372)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90372"
+ },
+ {
+ "name": "102061",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/102061"
+ },
+ {
+ "name": "64758",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/64758"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
+ },
+ {
+ "name": "1029610",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1029610"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/0xxx/CVE-2014-0568.json b/2014/0xxx/CVE-2014-0568.json
index 8f1df4b6871..66bb1090837 100644
--- a/2014/0xxx/CVE-2014-0568.json
+++ b/2014/0xxx/CVE-2014-0568.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-0568",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via an NTFS junction attack."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2014-0568",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://code.google.com/p/google-security-research/issues/detail?id=94",
- "refsource" : "MISC",
- "url" : "https://code.google.com/p/google-security-research/issues/detail?id=94"
- },
- {
- "name" : "http://helpx.adobe.com/security/products/reader/apsb14-20.html",
- "refsource" : "CONFIRM",
- "url" : "http://helpx.adobe.com/security/products/reader/apsb14-20.html"
- },
- {
- "name" : "69828",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/69828"
- },
- {
- "name" : "1030853",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030853"
- },
- {
- "name" : "adobe-reader-cve20140568-sec-bypass(96000)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96000"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via an NTFS junction attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://helpx.adobe.com/security/products/reader/apsb14-20.html",
+ "refsource": "CONFIRM",
+ "url": "http://helpx.adobe.com/security/products/reader/apsb14-20.html"
+ },
+ {
+ "name": "1030853",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030853"
+ },
+ {
+ "name": "69828",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/69828"
+ },
+ {
+ "name": "https://code.google.com/p/google-security-research/issues/detail?id=94",
+ "refsource": "MISC",
+ "url": "https://code.google.com/p/google-security-research/issues/detail?id=94"
+ },
+ {
+ "name": "adobe-reader-cve20140568-sec-bypass(96000)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96000"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1250.json b/2014/1xxx/CVE-2014-1250.json
index a342b8d2835..6139e51353f 100644
--- a/2014/1xxx/CVE-2014-1250.json
+++ b/2014/1xxx/CVE-2014-1250.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1250",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2014-1250",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.apple.com/kb/HT6150",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT6150"
- },
- {
- "name" : "http://support.apple.com/kb/HT6151",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT6151"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://support.apple.com/kb/HT6150",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT6150"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT6151",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT6151"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1472.json b/2014/1xxx/CVE-2014-1472.json
index 52862f07d52..0be422b11ff 100644
--- a/2014/1xxx/CVE-2014-1472.json
+++ b/2014/1xxx/CVE-2014-1472.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1472",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-1472",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10061",
- "refsource" : "CONFIRM",
- "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10061"
- },
- {
- "name" : "64795",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/64795"
- },
- {
- "name" : "101940",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/101940"
- },
- {
- "name" : "1029591",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1029591"
- },
- {
- "name" : "56394",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/56394"
- },
- {
- "name" : "mcafee-vm-unspec-xss(90244)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "56394",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/56394"
+ },
+ {
+ "name": "64795",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/64795"
+ },
+ {
+ "name": "1029591",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1029591"
+ },
+ {
+ "name": "mcafee-vm-unspec-xss(90244)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90244"
+ },
+ {
+ "name": "101940",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/101940"
+ },
+ {
+ "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10061",
+ "refsource": "CONFIRM",
+ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10061"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4326.json b/2014/4xxx/CVE-2014-4326.json
index e74ed7a97b9..77ce90c0878 100644
--- a/2014/4xxx/CVE-2014-4326.json
+++ b/2014/4xxx/CVE-2014-4326.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4326",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-4326",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20140718 CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/532841/100/0/threaded"
- },
- {
- "name" : "http://www.elasticsearch.org/blog/logstash-1-4-2/",
- "refsource" : "CONFIRM",
- "url" : "http://www.elasticsearch.org/blog/logstash-1-4-2/"
- },
- {
- "name" : "https://www.elastic.co/community/security/",
- "refsource" : "CONFIRM",
- "url" : "https://www.elastic.co/community/security/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.elasticsearch.org/blog/logstash-1-4-2/",
+ "refsource": "CONFIRM",
+ "url": "http://www.elasticsearch.org/blog/logstash-1-4-2/"
+ },
+ {
+ "name": "20140718 CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/532841/100/0/threaded"
+ },
+ {
+ "name": "https://www.elastic.co/community/security/",
+ "refsource": "CONFIRM",
+ "url": "https://www.elastic.co/community/security/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4757.json b/2014/4xxx/CVE-2014-4757.json
index cfb77631363..b9a5750ea96 100644
--- a/2014/4xxx/CVE-2014-4757.json
+++ b/2014/4xxx/CVE-2014-4757.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-4757",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2014-4757",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679144",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679144"
- },
- {
- "name" : "60619",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/60619"
- },
- {
- "name" : "ibm-content-cve20144757-info-disc(94456)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94456"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "60619",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/60619"
+ },
+ {
+ "name": "ibm-content-cve20144757-info-disc(94456)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94456"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679144",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679144"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/5xxx/CVE-2014-5022.json b/2014/5xxx/CVE-2014-5022.json
index 711ada193b3..6c50ae1f9e6 100644
--- a/2014/5xxx/CVE-2014-5022.json
+++ b/2014/5xxx/CVE-2014-5022.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-5022",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-5022",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.drupal.org/SA-CORE-2014-003",
- "refsource" : "CONFIRM",
- "url" : "https://www.drupal.org/SA-CORE-2014-003"
- },
- {
- "name" : "DSA-2983",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-2983"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-2983",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-2983"
+ },
+ {
+ "name": "https://www.drupal.org/SA-CORE-2014-003",
+ "refsource": "CONFIRM",
+ "url": "https://www.drupal.org/SA-CORE-2014-003"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/5xxx/CVE-2014-5231.json b/2014/5xxx/CVE-2014-5231.json
index fdd519eef36..d39da6fb82a 100644
--- a/2014/5xxx/CVE-2014-5231.json
+++ b/2014/5xxx/CVE-2014-5231.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf" - }, - { - "name" : "1031546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf" + }, + { + "name": "1031546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031546" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5261.json b/2014/5xxx/CVE-2014-5261.json index 9e331ec6004..cf4958e8a26 100644 --- a/2014/5xxx/CVE-2014-5261.json +++ b/2014/5xxx/CVE-2014-5261.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140812 CVE id request: cacti remote code execution and SQL injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/351" - }, - { - "name" : "[oss-security] 20140816 Re: CVE id request: cacti remote code execution and SQL injection", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/386" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127165", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127165" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=7454", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=7454" - }, - { - "name" : 
"DSA-3007", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3007" - }, - { - "name" : "GLSA-201607-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-05" - }, - { - "name" : "69213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69213" - }, - { - "name" : "cacti-multiple-unspecified(95292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201607-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-05" + }, + { + "name": "DSA-3007", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3007" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127165", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127165" + }, + { + "name": "[oss-security] 20140812 CVE id request: cacti remote code execution and SQL injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/351" + }, + { + "name": "cacti-multiple-unspecified(95292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95292" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=7454", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=7454" + }, + { + "name": "69213", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/69213" + }, + { + "name": "[oss-security] 20140816 Re: CVE id request: cacti remote code execution and SQL injection", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/386" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5894.json b/2014/5xxx/CVE-2014-5894.json index 32b428baaf5..449cc25faa9 100644 --- a/2014/5xxx/CVE-2014-5894.json +++ b/2014/5xxx/CVE-2014-5894.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AireTalk: Text, Call, & More! (aka com.pingshow.amper) application 2.0.73 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#932209", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/932209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AireTalk: Text, Call, & More! 
(aka com.pingshow.amper) application 2.0.73 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#932209", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/932209" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2700.json b/2015/2xxx/CVE-2015-2700.json index f536a29e75c..3956806e9c4 100644 --- a/2015/2xxx/CVE-2015-2700.json +++ b/2015/2xxx/CVE-2015-2700.json 
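Review bot: The `ASSIGNER` value in CVE-2014-5894.json changes from `cve@mitre.org` to `cert@cert.org`, but this attribution change sits inside a whole-file rewrite of `" : "` to `": "` and a reordering of `reference_data`, so it is easy to miss in review. The hunks for CVE-2015-2873, CVE-2016-3059, CVE-2016-3474 and CVE-2016-4496 change `ASSIGNER` in the same way (to `cert@cert.org`, `psirt@us.ibm.com`, `secalert_us@oracle.com` and `ics-cert@hq.dhs.gov`). Downstream tooling that attributes or routes records by assigner would presumably treat these as semantic changes, yet the commit subject only says "-Synchronized-Data." The formatting change would be better landed in its own commit, or the description could carry a line such as `ASSIGNER updated: CVE-2014-5894, CVE-2015-2873, CVE-2016-3059, CVE-2016-3474, CVE-2016-4496`.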
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2873.json b/2015/2xxx/CVE-2015-2873.json index 73425673599..92bcf36fc79 100644 --- a/2015/2xxx/CVE-2015-2873.json +++ b/2015/2xxx/CVE-2015-2873.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://esupport.trendmicro.com/solution/en-US/1112206.aspx", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/solution/en-US/1112206.aspx" - }, - { - "name" : "VU#248692", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/248692" - }, - { - "name" : "76396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro 
Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76396" + }, + { + "name": "http://esupport.trendmicro.com/solution/en-US/1112206.aspx", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/solution/en-US/1112206.aspx" + }, + { + "name": "VU#248692", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/248692" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10395.json b/2016/10xxx/CVE-2016-10395.json index fb8de5f7b5d..48d987d6584 100644 --- a/2016/10xxx/CVE-2016-10395.json +++ b/2016/10xxx/CVE-2016-10395.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2016-10395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FlexNet Publisher", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform" - } - ] - } - } - ] - }, - "vendor_name" : "Flexera Software LLC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds memory read access leading to local user privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2016-10395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FlexNet Publisher", + "version": { + "version_data": [ + { + "version_value": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform" + } + ] + } + } + ] + }, + "vendor_name": "Flexera Software LLC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/advisories/76368/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/76368/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01" - }, - { - "name" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", - "refsource" : "CONFIRM", - "url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", - 
"refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds memory read access leading to local user privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/" + }, + { + "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", + "refsource": "CONFIRM", + "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/", + "refsource": "CONFIRM", + "url": 
"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3059.json b/2016/3xxx/CVE-2016-3059.json index f2b2c00bde5..89fc9ce6f8c 100644 --- a/2016/3xxx/CVE-2016-3059.json +++ b/2016/3xxx/CVE-2016-3059.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987333", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987333" - }, - { - "name" : "1036488", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft 
SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987333", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987333" + }, + { + "name": "1036488", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036488" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3474.json b/2016/3xxx/CVE-2016-3474.json index aa4afbbbce8..3b73a848c33 100644 --- a/2016/3xxx/CVE-2016-3474.json +++ b/2016/3xxx/CVE-2016-3474.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "92027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92027" - }, - { - "name" : "1036370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "92027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92027" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036370" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4496.json b/2016/4xxx/CVE-2016-4496.json index 12d3b62429a..bc0e5cd41d1 100644 --- a/2016/4xxx/CVE-2016-4496.json +++ b/2016/4xxx/CVE-2016-4496.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-333/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-333/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-335/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-335/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-336/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-336/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-337/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-337/" - }, - { - "name" : 
"https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01" - }, - { - "name" : "90520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-337/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-337/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-333/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-333/" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-336/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-336/" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-335/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-335/" + }, + { + "name": "90520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90520" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8020.json b/2016/8xxx/CVE-2016-8020.json index 82ea214a9c7..8a6a0ddb9f5 100644 --- a/2016/8xxx/CVE-2016-8020.json +++ b/2016/8xxx/CVE-2016-8020.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VirusScan Enterprise Linux (VSEL)", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 (and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper control of generation of code vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VirusScan Enterprise Linux (VSEL)", + "version": { + "version_data": [ + { + "version_value": "2.0.3 (and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40911/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" - }, - { - "name" : "94823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94823" - }, - { - "name" : "1037433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037433" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper control of generation of code vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94823" + }, + { + "name": "1037433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037433" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" + }, + { + "name": "40911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40911/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8314.json b/2016/8xxx/CVE-2016-8314.json index 44615f071f1..520a94a12ca 100644 --- a/2016/8xxx/CVE-2016-8314.json +++ b/2016/8xxx/CVE-2016-8314.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-8314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Core Banking", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.0" - }, - { - "version_value" : "5.2.0" - }, - { - "version_value" : "11.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-8314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Core Banking", + "version": { + "version_data": [ + { + "version_value": "5.1.0" + }, + { + "version_value": "5.2.0" + }, + { + "version_value": "11.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95609" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95609" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8358.json b/2016/8xxx/CVE-2016-8358.json index 7198a43d7b3..94cbaa57bc4 100644 --- a/2016/8xxx/CVE-2016-8358.json +++ b/2016/8xxx/CVE-2016-8358.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", - "version" : { - "version_data" : [ - { - "version_value" : "Smiths-Medical CADD-Solis Medication Safety Software through 3.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Smiths-Medical CADD-Solis Medication Safety Software MITM" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", + "version": { + "version_data": [ + { + "version_value": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01" - }, - { - "name" : "94630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94630" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Smiths-Medical CADD-Solis Medication Safety Software MITM" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01" + }, + { + "name": "94630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94630" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8970.json b/2016/8xxx/CVE-2016-8970.json index e702924ec82..a24b5d24039 100644 --- a/2016/8xxx/CVE-2016-8970.json +++ b/2016/8xxx/CVE-2016-8970.json 
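Review bot: `product_name` and `version_value` in `affects` both hold the same free-text string, "Smiths-Medical CADD-Solis Medication Safety Software through 3.1", and `vendor_name` is `"n/a"`, so none of the three fields can be compared against an asset inventory. The description lists the affected versions as 1.0, 2.0, 3.0 and 3.1. Splitting the string, for example `"product_name": "CADD-Solis Medication Safety Software"` with one `version_data` entry per listed version, would let consumers match this record without parsing prose.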
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8970", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8970", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9013.json b/2016/9xxx/CVE-2016-9013.json index f46e05efa6c..62bdf1d05fb 100644 --- a/2016/9xxx/CVE-2016-9013.json +++ b/2016/9xxx/CVE-2016-9013.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" - }, - { - "name" : "DSA-3835", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3835" - }, - { - "name" : "FEDORA-2016-3eb5a55123", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/" - }, - { - "name" : "FEDORA-2016-d4571bf555", - "refsource" : 
"FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/" - }, - { - "name" : "USN-3115-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3115-1" - }, - { - "name" : "94069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94069" - }, - { - "name" : "1037159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" + }, + { + "name": "FEDORA-2016-d4571bf555", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/" + }, + { + "name": "DSA-3835", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3835" + }, + { + "name": "USN-3115-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3115-1" + }, + { + "name": "94069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94069" + }, + { + "name": "1037159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037159" + }, + { + "name": "FEDORA-2016-3eb5a55123", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9282.json b/2016/9xxx/CVE-2016-9282.json index cee6c8f97f3..f812f549ca9 100644 --- a/2016/9xxx/CVE-2016-9282.json +++ b/2016/9xxx/CVE-2016-9282.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/exponentcms/exponent-cms/commit/e83721a5b9fcc88e1141a8fb29c3d1bd522257c1", - "refsource" : "CONFIRM", - "url" : "https://github.com/exponentcms/exponent-cms/commit/e83721a5b9fcc88e1141a8fb29c3d1bd522257c1" - }, - { - "name" : "94296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94296" - }, - { - "name" : "1037281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 
allows remote attackers to read database information via action=search&module=search with the search_string parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/exponentcms/exponent-cms/commit/e83721a5b9fcc88e1141a8fb29c3d1bd522257c1", + "refsource": "CONFIRM", + "url": "https://github.com/exponentcms/exponent-cms/commit/e83721a5b9fcc88e1141a8fb29c3d1bd522257c1" + }, + { + "name": "94296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94296" + }, + { + "name": "1037281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037281" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9393.json b/2016/9xxx/CVE-2016-9393.json index 008e161f094..fd459dec626 100644 --- a/2016/9xxx/CVE-2016-9393.json +++ b/2016/9xxx/CVE-2016-9393.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161117 Re: jasper: multiple assertion failures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/17/1" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396972", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1396972" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330" - }, - 
{ - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "USN-3693-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3693-1/" - }, - { - "name" : "94377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/11/16/jasper-multiple-assertion-failure" + }, + { + "name": "94377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94377" + }, + { + "name": "https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "[oss-security] 20161117 Re: jasper: multiple assertion failures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/17/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1396972", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396972" + }, + { + "name": "USN-3693-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3693-1/" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/9xxx/CVE-2016-9589.json b/2016/9xxx/CVE-2016-9589.json index 7e27e9f76bf..b2e1004e998 100644 --- a/2016/9xxx/CVE-2016-9589.json +++ b/2016/9xxx/CVE-2016-9589.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-03-22T00:00:00", - "ID" : "CVE-2016-9589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "wildfly", - "version" : { - "version_data" : [ - { - "version_value" : "11.0.0.Beta1" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-03-22T00:00:00", + "ID": "CVE-2016-9589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "wildfly", + "version": { + "version_data": [ + { + "version_value": "11.0.0.Beta1" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1404782", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1404782" - }, - { - "name" : "RHSA-2017:0830", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0830.html" - }, - { - "name" : "RHSA-2017:0831", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0831.html" - }, - { - "name" : "RHSA-2017:0832", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0832.html" - }, - { - "name" : "RHSA-2017:0834", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0834.html" - }, - { - "name" : "RHSA-2017:0872", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0872" - }, - { - "name" : "RHSA-2017:0873", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0873" - }, - { - "name" : "RHSA-2017:0876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0876.html" - }, - { - "name" : "RHSA-2017:3454", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3454" - }, - { - "name" : "RHSA-2017:3455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3455" - }, - { - "name" : "RHSA-2017:3456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3456" - }, - { - "name" : "RHSA-2017:3458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3458" - }, - { - "name" : "97060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. 
Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0831", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html" + }, + { + "name": "RHSA-2017:0876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html" + }, + { + "name": "RHSA-2017:0834", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782" + }, + { + "name": "RHSA-2017:3458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3458" + }, + { + "name": "RHSA-2017:0832", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html" + }, + { + "name": "97060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97060" + }, + { + "name": "RHSA-2017:3455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3455" + }, + { + "name": "RHSA-2017:3456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3456" + }, + { + "name": "RHSA-2017:0873", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0873" + }, + { + "name": "RHSA-2017:3454", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3454" + }, + { + "name": "RHSA-2017:0830", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html" + }, + { + "name": "RHSA-2017:0872", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:0872" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2146.json b/2019/2xxx/CVE-2019-2146.json index 16a86ad9f97..6ec46de491a 100644 --- a/2019/2xxx/CVE-2019-2146.json +++ b/2019/2xxx/CVE-2019-2146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2146", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2146", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2156.json b/2019/2xxx/CVE-2019-2156.json index 7aaee278b30..50493fe4943 100644 --- a/2019/2xxx/CVE-2019-2156.json +++ b/2019/2xxx/CVE-2019-2156.json 
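Review bot: In the CVE-2016-9589 record, `"version_value": "11.0.0.Beta1"` names the release that the description gives as the fix boundary ("before version 11.0.0.Beta1"). A consumer reading `affects` literally would flag the fixed build and miss the earlier, vulnerable ones. The entry should express the range, for example by adding `"version_affected": "<"` next to the existing value; that field is already used in the CVE-2019-2533 record in this same commit.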
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2533.json b/2019/2xxx/CVE-2019-2533.json index dc9c6b9b4ff..df60126b87b 100644 --- a/2019/2xxx/CVE-2019-2533.json +++ b/2019/2xxx/CVE-2019-2533.json 
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2019-2533",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "MySQL Server",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "8.0.13 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2019-2533",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MySQL Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.0.13 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2579.json b/2019/2xxx/CVE-2019-2579.json
index 9a6bc9f5f41..e4e2ab530e8 100644
--- a/2019/2xxx/CVE-2019-2579.json
+++ b/2019/2xxx/CVE-2019-2579.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2579",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2579",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6026.json b/2019/6xxx/CVE-2019-6026.json
index f5e37d195b4..c220423b031 100644
--- a/2019/6xxx/CVE-2019-6026.json
+++ b/2019/6xxx/CVE-2019-6026.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6026",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6026",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6598.json b/2019/6xxx/CVE-2019-6598.json
index d791d303005..f7d09df5451 100644
--- a/2019/6xxx/CVE-2019-6598.json
+++ b/2019/6xxx/CVE-2019-6598.json
@@ -1,66 +1,66 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "DATE_PUBLIC" : "2019-03-11T00:00:00",
- "ID" : "CVE-2019-6598",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe); Enterprise Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
- },
- {
- "version_value" : "EM 3.1.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DoS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "DATE_PUBLIC": "2019-03-11T00:00:00",
+ "ID": "CVE-2019-6598",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe); Enterprise Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
+ },
+ {
+ "version_value": "EM 3.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K44603900",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K44603900"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K44603900",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K44603900"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6720.json b/2019/6xxx/CVE-2019-6720.json
index 79e47479504..67e12fa889e 100644
--- a/2019/6xxx/CVE-2019-6720.json
+++ b/2019/6xxx/CVE-2019-6720.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6720",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6720",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7067.json b/2019/7xxx/CVE-2019-7067.json
index 188b8e43be9..f90ac6e52d0 100644
--- a/2019/7xxx/CVE-2019-7067.json
+++ b/2019/7xxx/CVE-2019-7067.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7067",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7067",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file