diff --git a/2006/5xxx/CVE-2006-5393.json b/2006/5xxx/CVE-2006-5393.json index e0033a4baf5..b9a0b9f7d93 100644 --- a/2006/5xxx/CVE-2006-5393.json +++ b/2006/5xxx/CVE-2006-5393.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061009 Limitations in Cisco Secure Desktop", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" - }, - { - "name" : "20410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20410" - }, - { - "name" : "1017018", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061009 Limitations in Cisco Secure Desktop", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" + }, + { + "name": "20410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20410" + }, + { + "name": "1017018", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017018" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5555.json b/2006/5xxx/CVE-2006-5555.json index 2436b31248a..df1a7ddfe87 100644 --- a/2006/5xxx/CVE-2006-5555.json +++ b/2006/5xxx/CVE-2006-5555.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2596", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2596" - }, - { - "name" : "20061026 parameter name error in vuln DBs for EPNadmin", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-October/001098.html" - }, - { - "name" : "20624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20624" - }, - { - "name" : "ADV-2006-4167", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4167" - }, - { - "name" : "22508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22508" - }, - { - "name" : "epnadmin-constantes-file-include(29671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2596", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2596" + }, + { + "name": "22508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22508" + }, + { + "name": "20624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20624" + }, + { + "name": "ADV-2006-4167", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4167" + }, + { + "name": "epnadmin-constantes-file-include(29671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29671" + }, + { + "name": "20061026 parameter name error in vuln DBs for EPNadmin", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-October/001098.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5843.json b/2006/5xxx/CVE-2006-5843.json index 2af89f4a138..da314c0feec 100644 --- a/2006/5xxx/CVE-2006-5843.json +++ b/2006/5xxx/CVE-2006-5843.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116302805802656&w=2" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9" - }, - { - "name" : "20976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20976" - }, - { - "name" : "ADV-2006-4421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4421" - }, - { - "name" : "1017201", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017201" - }, - { - "name" : "22788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22788" - }, - { - "name" : "speedwiki-index-xss(30132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2" + }, + { + "name": "speedwiki-index-xss(30132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30132" + }, + { + "name": "22788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22788" + }, + { + "name": "ADV-2006-4421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4421" + }, + { + "name": "20976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20976" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9" + }, + { + "name": "1017201", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017201" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5942.json b/2006/5xxx/CVE-2006-5942.json index a11288b5eac..b5a7cd40757 100644 --- a/2006/5xxx/CVE-2006-5942.json +++ b/2006/5xxx/CVE-2006-5942.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 Inventory Manager [injection sql & xss (get)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451553/100/0/threaded" - }, - { - "name" : "21069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21069" - }, - { - "name" : "22915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22915" - }, - { - "name" : "1875", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1875" - }, - { - "name" : "inventorymanager-displayresults-xss(30276)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061114 Inventory Manager [injection sql & xss (get)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451553/100/0/threaded" + }, + { + "name": "1875", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1875" + }, + { + "name": "22915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22915" + }, + { + "name": "21069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21069" + }, + { + "name": "inventorymanager-displayresults-xss(30276)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30276" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2478.json b/2007/2xxx/CVE-2007-2478.json index 0ac86c1377a..59d28fe744a 100644 --- a/2007/2xxx/CVE-2007-2478.json +++ b/2007/2xxx/CVE-2007-2478.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522" - }, - { - "name" : "http://blog.ceruleanstudios.com/?p=131", - "refsource" : "CONFIRM", - "url" : "http://blog.ceruleanstudios.com/?p=131" - }, - { - "name" : "23730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23730" - }, - { - "name" : "35721", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35721" - }, - { - "name" : "ADV-2007-1596", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1596" - }, - { - "name" : "1017982", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017982" - }, - { - "name" : "25086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25086" - }, - { - "name" : "trillian-fontface-bo(33986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33986" - }, - { - "name" : "trillian-urlhighlight-bo(33985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25086" + }, + { + "name": "http://blog.ceruleanstudios.com/?p=131", + "refsource": "CONFIRM", + "url": "http://blog.ceruleanstudios.com/?p=131" + }, + { + "name": "trillian-urlhighlight-bo(33985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33985" + }, + { + "name": "20070501 Cerulean Studios Trillian Multiple IRC Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522" + }, + { + "name": "1017982", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017982" + }, + { + "name": "23730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23730" + }, + { + "name": "35721", + "refsource": "OSVDB", + "url": "http://osvdb.org/35721" + }, + { + "name": "ADV-2007-1596", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1596" + }, + { + "name": "trillian-fontface-bo(33986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33986" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2790.json b/2007/2xxx/CVE-2007-2790.json index dd657469c6a..8de0dd22e19 100644 --- a/2007/2xxx/CVE-2007-2790.json +++ b/2007/2xxx/CVE-2007-2790.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070517 VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468834/100/0/threaded" - }, - { - "name" : "http://redlevel.org/wp-content/uploads/vpasp-650.txt", - "refsource" : "MISC", - "url" : "http://redlevel.org/wp-content/uploads/vpasp-650.txt" - }, - { - "name" : "http://www.vpasp.com/helpnotes/fixes.asp?version=v650", - "refsource" : "MISC", - "url" : "http://www.vpasp.com/helpnotes/fixes.asp?version=v650" - }, - { - "name" : "ADV-2007-1866", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1866" - }, - { - "name" : "36095", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36095" - }, - { - "name" : "1018083", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018083" - }, - { - "name" : "25314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25314" - }, - { - "name" : "2728", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2728" - }, - { - "name" : "vpasp-shopcontent-xss(34345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2728", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2728" + }, + { + "name": "vpasp-shopcontent-xss(34345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34345" + }, + { + "name": "36095", + "refsource": "OSVDB", + "url": "http://osvdb.org/36095" + }, + { + "name": "ADV-2007-1866", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1866" + }, + { + "name": "http://redlevel.org/wp-content/uploads/vpasp-650.txt", + "refsource": "MISC", + "url": "http://redlevel.org/wp-content/uploads/vpasp-650.txt" + }, + { + "name": "http://www.vpasp.com/helpnotes/fixes.asp?version=v650", + "refsource": "MISC", + "url": "http://www.vpasp.com/helpnotes/fixes.asp?version=v650" + }, + { + "name": "25314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25314" + }, + { + "name": "1018083", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018083" + }, + { + "name": "20070517 VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468834/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2978.json b/2007/2xxx/CVE-2007-2978.json index 999ff76fb2e..821f2ce666e 100644 --- a/2007/2xxx/CVE-2007-2978.json +++ b/2007/2xxx/CVE-2007-2978.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070529 [MajorSecurity Advisory #48]eggblog - Session fixation Issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469888/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48" - }, - { - "name" : "36734", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36734" - }, - { - "name" : "25443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25443" - }, - { - "name" : "2756", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2756" - }, - { - "name" : "eggblog-phpsessid-session-hijacking(34549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070529 [MajorSecurity Advisory #48]eggblog - Session fixation Issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469888/100/0/threaded" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls48" + }, + { + "name": "25443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25443" + }, + { + "name": "eggblog-phpsessid-session-hijacking(34549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34549" + }, + { + "name": "36734", + "refsource": "OSVDB", + "url": "http://osvdb.org/36734" + }, + { + "name": "2756", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2756" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3377.json b/2007/3xxx/CVE-2007-3377.json index 8534da03dc9..5b5fd9c2adf 100644 --- a/2007/3xxx/CVE-2007-3377.json +++ b/2007/3xxx/CVE-2007-3377.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070717 rPSA-2007-0142-1 perl-Net-DNS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473871/100/0/threaded" - }, - { - "name" : "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html", - "refsource" : "MISC", - "url" : "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html" - }, - { - "name" : "http://rt.cpan.org/Public/Bug/Display.html?id=23961", - "refsource" : "CONFIRM", - "url" : "http://rt.cpan.org/Public/Bug/Display.html?id=23961" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458" - }, - { - "name" : "http://www.net-dns.org/docs/Changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.net-dns.org/docs/Changes.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm" - }, - { - "name" : "DSA-1515", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1515" - }, - { - "name" : "GLSA-200708-06", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml" - }, - { - "name" : "MDKSA-2007:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:146" - }, - { - "name" : "RHSA-2007:0674", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0674.html" - }, - { - "name" : "RHSA-2007:0675", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0675.html" - }, - { - "name" : "20070701-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" - }, - { - "name" : "SUSE-SR:2007:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_17_sr.html" - }, - { - "name" : "2007-0023", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0023/" - }, - { - "name" : "USN-483-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-483-1" - }, - { - "name" : "24669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24669" - }, - { - "name" : "37053", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37053" - }, - { - "name" : "oval:org.mitre.oval:def:9904", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904" - }, - { - "name" : "1018377", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018377" - }, - { - "name" : "25829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25829" - }, - { - "name" : "26014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26014" - }, - { - "name" : "26055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26055" - }, - { - "name" : "26012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26012" - }, - { - "name" : "26075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26075" - }, - { - "name" : "26211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26211" - }, - { - "name" : "26231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26231" - }, - { - "name" : "26417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26417" - }, - { - "name" : "26508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26508" - }, - { - "name" : "26543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26543" - }, - { - "name" : "29354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29354" - }, - { - "name" : "netdns-dns-responses-spoofing(35112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26231" + }, + { + "name": "26417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26417" + }, + { + "name": "29354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29354" + }, + { + "name": "26014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26014" + }, + { + "name": "RHSA-2007:0675", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0675.html" + }, + { + "name": "oval:org.mitre.oval:def:9904", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904" + }, + { + "name": "26012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26012" + }, + { + "name": "DSA-1515", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1515" + }, + { + "name": "http://www.net-dns.org/docs/Changes.html", + "refsource": "CONFIRM", + "url": "http://www.net-dns.org/docs/Changes.html" + }, + { + "name": "SUSE-SR:2007:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html" + }, + { + "name": "26543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26543" + }, + { + "name": "netdns-dns-responses-spoofing(35112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35112" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm" + }, + { + "name": "USN-483-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-483-1" + }, + { + "name": "2007-0023", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0023/" + }, + { + "name": "MDKSA-2007:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:146" + }, + { + "name": "RHSA-2007:0674", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0674.html" + }, + { + "name": "26055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26055" + }, + { + "name": "26211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26211" + }, + { + "name": "37053", + "refsource": "OSVDB", + "url": "http://osvdb.org/37053" + }, + { + "name": "26075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26075" + }, + { + "name": "1018377", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018377" + }, + { + "name": "26508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26508" + }, + { + "name": "24669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24669" + }, + { + "name": "http://rt.cpan.org/Public/Bug/Display.html?id=23961", + "refsource": "CONFIRM", + "url": "http://rt.cpan.org/Public/Bug/Display.html?id=23961" + }, + { + "name": "20070701-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" + }, + { + "name": "25829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25829" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458" + }, + { + "name": "GLSA-200708-06", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml" + }, + { + "name": "20070717 rPSA-2007-0142-1 perl-Net-DNS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473871/100/0/threaded" + }, + { + "name": "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html", + "refsource": "MISC", + "url": "http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3433.json b/2007/3xxx/CVE-2007-3433.json index abbd671112e..6e13e0d39c5 100644 --- a/2007/3xxx/CVE-2007-3433.json +++ b/2007/3xxx/CVE-2007-3433.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4095", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4095" - }, - { - "name" : "24602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24602" - }, - { - "name" : "ADV-2007-2308", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2308" - }, - { - "name" : "38224", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38224" - }, - { - "name" : "pharmacysystem-index-sql-injection(35010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24602" + }, + { + "name": "38224", + "refsource": "OSVDB", + "url": "http://osvdb.org/38224" + }, + { + "name": "pharmacysystem-index-sql-injection(35010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35010" + }, + { + "name": "ADV-2007-2308", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2308" + }, + { + "name": "4095", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4095" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3985.json b/2007/3xxx/CVE-2007-3985.json index b0d0b439ebd..69df98b716f 100644 --- a/2007/3xxx/CVE-2007-3985.json +++ b/2007/3xxx/CVE-2007-3985.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070720 Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=118522960430476&w=2" - }, - { - "name" : "http://www.oliverkarow.de/research/securityreporter.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/securityreporter.txt" - }, - { - "name" : "http://www.securecomputing.com/index.cfm?skey=1429", - "refsource" : "CONFIRM", - "url" : "http://www.securecomputing.com/index.cfm?skey=1429" - }, - { - "name" : "25027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25027" - }, - { - "name" : "43770", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43770" - }, - { - "name" : "1018443", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018443" - }, - { - "name" : "26167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26167" - }, - { - "name" : "securityreporter-name-directory-traversal(35585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securecomputing.com/index.cfm?skey=1429", + "refsource": "CONFIRM", + "url": "http://www.securecomputing.com/index.cfm?skey=1429" + }, + { + "name": "26167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26167" + }, + { + "name": "securityreporter-name-directory-traversal(35585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35585" + }, + { + "name": "25027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25027" + }, + { + "name": "1018443", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018443" + }, + { + "name": "43770", + "refsource": "OSVDB", + "url": "http://osvdb.org/43770" + }, + { + "name": "http://www.oliverkarow.de/research/securityreporter.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/securityreporter.txt" + }, + { + "name": "20070720 Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=118522960430476&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6322.json b/2007/6xxx/CVE-2007-6322.json index 2511d203add..d58435f85b5 100644 --- a/2007/6xxx/CVE-2007-6322.json +++ b/2007/6xxx/CVE-2007-6322.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4729", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4729" - }, - { - "name" : "26849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26849" - }, - { - "name" : "40090", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40090" - }, - { - "name" : "28071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28071" - }, - { - "name" : "xml2owl-filedownload-directory-traversal(39010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xml2owl-filedownload-directory-traversal(39010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39010" + }, + { + "name": "26849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26849" + }, + { + "name": "40090", + "refsource": "OSVDB", + "url": "http://osvdb.org/40090" + }, + { + "name": "28071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28071" + }, + { + "name": "4729", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4729" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6468.json b/2007/6xxx/CVE-2007-6468.json index ff2946daf58..98dc02a7586 100644 --- a/2007/6xxx/CVE-2007-6468.json +++ b/2007/6xxx/CVE-2007-6468.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987" - }, - { - "name" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25", - "refsource" : "CONFIRM", - "url" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25" - }, - { - "name" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19", - "refsource" : "CONFIRM", - "url" : "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19" - }, - { - "name" : "26893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26893" - }, - { - "name" : "ADV-2007-4239", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4239" - }, - { - "name" : "42641", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42641" - }, - { - "name" : "28124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25", + "refsource": "CONFIRM", + "url": "http://uhexen2.cvs.sourceforge.net/uhexen2/hexenworld/Client/huffman.c?r1=1.24&r2=1.25" + }, + { + "name": "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19", + "refsource": "CONFIRM", + "url": "http://uhexen2.cvs.sourceforge.net/uhexen2/hw_utils/hwrcon/huffman.c?r1=1.18&r2=1.19" + }, + { + "name": "26893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26893" + }, + { + "name": "28124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28124" + }, + { + "name": "42641", + "refsource": "OSVDB", + "url": "http://osvdb.org/42641" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=562016&group_id=124987" + }, + { + "name": "ADV-2007-4239", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4239" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6497.json b/2007/6xxx/CVE-2007-6497.json index ea6fdd57359..ede935df25c 100644 --- a/2007/6xxx/CVE-2007-6497.json +++ b/2007/6xxx/CVE-2007-6497.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485028/100/0/threaded" - }, - { - "name" : "4730", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4730" - }, - { - "name" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html" - }, - { - "name" : "26862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26862" - }, - { - "name" : "1019222", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019222" - }, - { - "name" : "28973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28973" - }, - { - "name" : "3474", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28973" + }, + { + "name": "20071213 Hosting Controller - Multiple Security Bugs (Extremely Critical)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485028/100/0/threaded" + }, + { + "name": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html" + }, + { + "name": "3474", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3474" + }, + { + "name": "4730", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4730" + }, + { + "name": "26862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26862" + }, + { + "name": "1019222", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019222" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6597.json b/2007/6xxx/CVE-2007-6597.json index dc09218c940..e834fc030d1 100644 --- a/2007/6xxx/CVE-2007-6597.json +++ b/2007/6xxx/CVE-2007-6597.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071227 IPortalX Forums Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485546/100/0/threaded" - }, - { - "name" : "http://www.hackerscenter.com/Archive/view.asp?id=28137", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/Archive/view.asp?id=28137" - }, - { - "name" : "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1", - "refsource" : "CONFIRM", - "url" : "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1" - }, - { - "name" : "27044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27044" - }, - { - "name" : "39860", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39860" - }, - { - "name" : "39861", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39861" - }, - { - "name" : "28252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28252" - }, - { - "name" : "3504", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3504" - }, - { - "name" : "iportalx-loginuser-blogs-xss(39249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071227 IPortalX Forums Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485546/100/0/threaded" + }, + { + "name": "3504", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3504" + }, + { + "name": "39861", + "refsource": "OSVDB", + "url": "http://osvdb.org/39861" + }, + { + "name": "39860", + "refsource": "OSVDB", + "url": "http://osvdb.org/39860" + }, + { + "name": "27044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27044" + }, + { + "name": "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1", + "refsource": "CONFIRM", + "url": "http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1" + }, + { + "name": "http://www.hackerscenter.com/Archive/view.asp?id=28137", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/Archive/view.asp?id=28137" + }, + { + "name": "28252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28252" + }, + { + "name": "iportalx-loginuser-blogs-xss(39249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39249" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0020.json b/2010/0xxx/CVE-2010-0020.json index e1311ac4dd0..af1f9c6a66c 100644 --- a/2010/0xxx/CVE-2010-0020.json +++ b/2010/0xxx/CVE-2010-0020.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka \"SMB Pathname Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-0020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012" - }, - { - "name" : "TA10-040A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" - }, - { - "name" : "oval:org.mitre.oval:def:8438", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka \"SMB Pathname Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:8438", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438" + }, + { + "name": "TA10-040A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" + }, + { + "name": "MS10-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0140.json b/2010/0xxx/CVE-2010-0140.json index 558239e42e2..8ed922fdc43 100644 --- a/2010/0xxx/CVE-2010-0140.json +++ b/2010/0xxx/CVE-2010-0140.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-0140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100127 Multiple Vulnerabilities in Cisco Unified MeetingPlace", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml" - }, - { - "name" : "37965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100127 Multiple Vulnerabilities in Cisco Unified MeetingPlace", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml" + }, + { + "name": "37965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37965" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0514.json b/2010/0xxx/CVE-2010-0514.json index 573cd4e0fab..2fbdd5008ae 100644 --- a/2010/0xxx/CVE-2010-0514.json +++ b/2010/0xxx/CVE-2010-0514.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-03-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:7043", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7043", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "APPLE-SA-2010-03-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0968.json b/2010/0xxx/CVE-2010-0968.json index cc27e04e759..d6145052862 100644 --- a/2010/0xxx/CVE-2010-0968.json +++ b/2010/0xxx/CVE-2010-0968.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11721", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11721" - }, - { - "name" : "ADV-2010-0612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11721", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11721" + }, + { + "name": "ADV-2010-0612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0612" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0970.json b/2010/0xxx/CVE-2010-0970.json index 257c78e19d4..3b659140793 100644 --- a/2010/0xxx/CVE-2010-0970.json +++ b/2010/0xxx/CVE-2010-0970.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11737", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11737" - }, - { - "name" : "ADV-2010-0614", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0614" - }, - { - "name" : "phpmylogon-phpmylogon-sql-injection(56868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmylogon-phpmylogon-sql-injection(56868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56868" + }, + { + "name": "ADV-2010-0614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0614" + }, + { + "name": "11737", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11737" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1287.json b/2010/1xxx/CVE-2010-1287.json index 25aa31e8f3f..ce9825ea98e 100644 --- a/2010/1xxx/CVE-2010-1287.json +++ b/2010/1xxx/CVE-2010-1287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" - }, - { - "name" : "oval:org.mitre.oval:def:6803", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6803" - }, - { - "name" : "38751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38751" - }, - { - "name" : "ADV-2010-1128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38751" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" + }, + { + "name": "ADV-2010-1128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1128" + }, + { + "name": "oval:org.mitre.oval:def:6803", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6803" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1892.json b/2010/1xxx/CVE-2010-1892.json index a4e7aa0f646..2aaf42d952a 100644 --- a/2010/1xxx/CVE-2010-1892.json +++ b/2010/1xxx/CVE-2010-1892.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka \"IPv6 Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-058" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11845", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka \"IPv6 Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-058" + }, + { + "name": "oval:org.mitre.oval:def:11845", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11845" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0133.json b/2014/0xxx/CVE-2014-0133.json index 0d90d000c94..3ac1b0f865c 100644 --- a/2014/0xxx/CVE-2014-0133.json +++ b/2014/0xxx/CVE-2014-0133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" - }, - { - "name" : "openSUSE-SU-2014:0450", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" - }, - { - "name" : "66537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)", + "refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" + }, + { + "name": "openSUSE-SU-2014:0450", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" + }, + { + "name": "66537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66537" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0295.json b/2014/0xxx/CVE-2014-0295.json index 09e6f99468f..f6f15f7197b 100644 --- a/2014/0xxx/CVE-2014-0295.json +++ b/2014/0xxx/CVE-2014-0295.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka \"VSAVB7RT ASLR Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.greyhathacker.net/?p=585", - "refsource" : "MISC", - "url" : "http://www.greyhathacker.net/?p=585" - }, - { - "name" : "MS14-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009" - }, - { - "name" : "65418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65418" - }, - { - "name" : "103164", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103164" - }, - { - "name" : "1029745", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029745" - }, - { - "name" : "56793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka \"VSAVB7RT ASLR Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029745", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029745" + }, + { + "name": "103164", + "refsource": "OSVDB", + "url": "http://osvdb.org/103164" + }, + { + "name": "65418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65418" + }, + { + "name": "http://www.greyhathacker.net/?p=585", + "refsource": "MISC", + "url": "http://www.greyhathacker.net/?p=585" + }, + { + "name": "56793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56793" + }, + { + "name": "MS14-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0941.json b/2014/0xxx/CVE-2014-0941.json index 984c0f64c85..7cb06aeb4a4 100644 --- a/2014/0xxx/CVE-2014-0941.json +++ b/2014/0xxx/CVE-2014-0941.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671686", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671686" - }, - { - "name" : "ibm-netcoolomnibus-cve20140941-xss(92400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671686", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671686" + }, + { + "name": "ibm-netcoolomnibus-cve20140941-xss(92400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92400" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10035.json b/2014/10xxx/CVE-2014-10035.json index d9ce90a3e3c..d694294a08f 100644 --- a/2014/10xxx/CVE-2014-10035.json +++ b/2014/10xxx/CVE-2014-10035.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-10035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32037", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32037" - }, - { - "name" : "http://packetstormsecurity.com/files/125480", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125480" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php" - }, - { - "name" : "http://couponphp.com/changelog", - "refsource" : "CONFIRM", - "url" : "http://couponphp.com/changelog" - }, - { - "name" : "103886", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/103886" - }, - { - "name" : "103887", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/103887" - }, - { - "name" : "103897", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/103897" - }, - { - "name" : "57177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://couponphp.com/changelog", + "refsource": "CONFIRM", + "url": "http://couponphp.com/changelog" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php" + }, + { + "name": "57177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57177" + }, + { + "name": "103886", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/103886" + }, + { + "name": "103897", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/103897" + }, + { + "name": "103887", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/103887" + }, + { + "name": "32037", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32037" + }, + { + "name": "http://packetstormsecurity.com/files/125480", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125480" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1262.json b/2014/1xxx/CVE-2014-1262.json index f7cb1c9776d..699b2aec174 100644 --- a/2014/1xxx/CVE-2014-1262.json +++ b/2014/1xxx/CVE-2014-1262.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6150", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6150", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6150" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1364.json b/2014/1xxx/CVE-2014-1364.json index 007a15ca1d8..89b52b696ad 100644 --- a/2014/1xxx/CVE-2014-1364.json +++ b/2014/1xxx/CVE-2014-1364.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-06-30-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "1030495", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030495" - }, - { - "name" : "59481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "59481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59481" + }, + { + "name": "1030495", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030495" + }, + { + "name": "APPLE-SA-2014-06-30-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1847.json b/2014/1xxx/CVE-2014-1847.json index 4f98690db93..963d39ea54d 100644 --- a/2014/1xxx/CVE-2014-1847.json +++ b/2014/1xxx/CVE-2014-1847.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1847", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1847", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4223.json b/2014/4xxx/CVE-2014-4223.json index a266e9c1bf7..f311b8e8d27 100644 --- a/2014/4xxx/CVE-2014-4223.json +++ b/2014/4xxx/CVE-2014-4223.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-4223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "DSA-2987", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2987" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "RHSA-2014:0902", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0902" - }, - { - "name" : "68590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68590" - }, - { - "name" : "1030577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030577" - }, - { - "name" : "60485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60485" - }, - { - "name" : "60812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60812" - }, - { - "name" : "oracle-cpujul2014-cve20144223(94594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2987", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2987" + }, + { + "name": "oracle-cpujul2014-cve20144223(94594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94594" + }, + { + "name": "68590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68590" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "1030577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030577" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "60812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60812" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "60485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60485" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "RHSA-2014:0902", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0902" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4462.json b/2014/4xxx/CVE-2014-4462.json index fb2e52cdd7e..1b08a37f12a 100644 --- a/2014/4xxx/CVE-2014-4462.json +++ b/2014/4xxx/CVE-2014-4462.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-4462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/en-us/HT6590", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6590" - }, - { - "name" : "https://support.apple.com/en-us/HT6592", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT6592" - }, - { - "name" : "https://support.apple.com/en-us/HT204418", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/en-us/HT204418" - }, - { - "name" : "APPLE-SA-2014-11-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2014-11-17-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html" - }, - { - "name" : "71142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71142" - }, - { - "name" : "1031231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031231" - }, - { - "name" : "62504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62504" - }, - { - "name" : "62505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62505" - }, - { - "name" : "appletv-cve20144462-code-exec(98772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-11-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html" + }, + { + "name": "APPLE-SA-2014-11-17-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html" + }, + { + "name": "62505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62505" + }, + { + "name": "https://support.apple.com/en-us/HT6590", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6590" + }, + { + "name": "1031231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031231" + }, + { + "name": "62504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62504" + }, + { + "name": "appletv-cve20144462-code-exec(98772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98772" + }, + { + "name": "71142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71142" + }, + { + "name": "https://support.apple.com/en-us/HT204418", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT204418" + }, + { + "name": "https://support.apple.com/en-us/HT6592", + "refsource": "CONFIRM", + "url": "https://support.apple.com/en-us/HT6592" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4572.json b/2014/4xxx/CVE-2014-4572.json index 45a6c65d9a6..515f626c0b7 100644 --- a/2014/4xxx/CVE-2014-4572.json +++ b/2014/4xxx/CVE-2014-4572.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-votecount-for-balatarin-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4594.json b/2014/4xxx/CVE-2014-4594.json index 0b30c979c65..7056a2e5d1c 100644 --- a/2014/4xxx/CVE-2014-4594.json +++ b/2014/4xxx/CVE-2014-4594.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss" - }, - { - "name" : "http://wordpress.org/plugins/wp-responsive-preview/changelog", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/wp-responsive-preview/changelog" - }, - { - "name" : "68408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-responsive-preview-a3-cross-site-scripting-xss" + }, + { + "name": "http://wordpress.org/plugins/wp-responsive-preview/changelog", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/wp-responsive-preview/changelog" + }, + { + "name": "68408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68408" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4646.json b/2014/4xxx/CVE-2014-4646.json index 30d49357cc3..8e0b54ef844 100644 --- a/2014/4xxx/CVE-2014-4646.json +++ b/2014/4xxx/CVE-2014-4646.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-214", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-214" - }, - { - "name" : "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20", - "refsource" : "CONFIRM", - "url" : "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20" - }, - { - "name" : "59494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-214", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-214" + }, + { + "name": "59494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59494" + }, + { + "name": "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20", + "refsource": "CONFIRM", + "url": "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-20" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5271.json b/2014/5xxx/CVE-2014-5271.json index 1f300a40141..43fe7480775 100644 --- a/2014/5xxx/CVE-2014-5271.json +++ b/2014/5xxx/CVE-2014-5271.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803" - }, - { - "name" : "https://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.ffmpeg.org/security.html" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - }, - { - "name" : "69250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69250" - }, - { - "name" : "111725", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/111725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "111725", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/111725" + }, + { + "name": "69250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69250" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "https://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5287.json b/2014/5xxx/CVE-2014-5287.json index ac22312e7eb..2800067497c 100644 --- a/2014/5xxx/CVE-2014-5287.json +++ b/2014/5xxx/CVE-2014-5287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5719.json b/2014/5xxx/CVE-2014-5719.json index 68a867a34bd..40dcf0ece25 100644 --- a/2014/5xxx/CVE-2014-5719.json +++ b/2014/5xxx/CVE-2014-5719.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#255225", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/255225" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#255225", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/255225" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10583.json b/2016/10xxx/CVE-2016-10583.json index 679091df26c..29dd7e9db2f 100644 --- a/2016/10xxx/CVE-2016-10583.json +++ b/2016/10xxx/CVE-2016-10583.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-10583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-10583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/165", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/165", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/165" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3109.json b/2016/3xxx/CVE-2016-3109.json index e3d490dc6c9..c1b37d1d130 100644 --- a/2016/3xxx/CVE-2016-3109.json +++ b/2016/3xxx/CVE-2016-3109.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160423 Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538173/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html" - }, - { - "name" : "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d", - "refsource" : "CONFIRM", - "url" : "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d" - }, - { - "name" : "97979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d", + "refsource": "CONFIRM", + "url": "https://github.com/shopware/shopware/commit/d73e9031a5b2ab6e918eb86d1e2b2e873cd3558d" + }, + { + "name": "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136781/Shopware-Remote-Code-Execution.html" + }, + { + "name": "97979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97979" + }, + { + "name": "20160423 Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538173/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3287.json b/2016/3xxx/CVE-2016-3287.json index 2744555773a..a9df24e0a91 100644 --- a/2016/3xxx/CVE-2016-3287.json +++ b/2016/3xxx/CVE-2016-3287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka \"Secure Boot Security Feature Bypass.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-3287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-094", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-094" - }, - { - "name" : "91604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91604" - }, - { - "name" : "1036290", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka \"Secure Boot Security Feature Bypass.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91604" + }, + { + "name": "1036290", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036290" + }, + { + "name": "MS16-094", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-094" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3738.json b/2016/3xxx/CVE-2016-3738.json index 7d5b5b42b9d..b7fe0338af3 100644 --- a/2016/3xxx/CVE-2016-3738.json +++ b/2016/3xxx/CVE-2016-3738.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2016:1094", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:1094", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1094" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7684.json b/2016/7xxx/CVE-2016-7684.json index 89b5cb71c86..e0ea93d5004 100644 --- a/2016/7xxx/CVE-2016-7684.json +++ b/2016/7xxx/CVE-2016-7684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7684", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-7684", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7944.json b/2016/7xxx/CVE-2016-7944.json index ebffaefa077..1fdf1022e3e 100644 --- a/2016/7xxx/CVE-2016-7944.json +++ b/2016/7xxx/CVE-2016-7944.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-7944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4" - }, - { - "name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2" - }, - { - "name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" - }, - { - "name" : "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e" - }, - { - "name" : "FEDORA-2016-72d7f05b90", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/" - }, - { - "name" : "FEDORA-2016-ff5a2f4839", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/" - }, - { - "name" : "GLSA-201704-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-03" - }, - { - "name" : "93361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93361" - }, - { - "name" : "1036945", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036945", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036945" + }, + { + "name": "93361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93361" + }, + { + "name": "GLSA-201704-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-03" + }, + { + "name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" + }, + { + "name": "FEDORA-2016-72d7f05b90", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GE43MDCRGS4R7MRRZNVSLREHRLU5OHCV/" + }, + { + "name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4" + }, + { + "name": "FEDORA-2016-ff5a2f4839", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CE6VJWBMOWLSCH4OP4TAEPIA7NP53ON/" + }, + { + "name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2" + }, + { + "name": "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8012.json b/2016/8xxx/CVE-2016-8012.json index aa07eae78b0..c24d22cbdfb 100644 --- a/2016/8xxx/CVE-2016-8012.json +++ b/2016/8xxx/CVE-2016-8012.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Data Loss Prevention Endpoint (DLPe)", - "version" : { - "version_data" : [ - { - "version_value" : "9.4.200 and 9.3.600" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Access control vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Loss Prevention Endpoint (DLPe)", + "version": { + "version_data": [ + { + "version_value": "9.4.200 and 9.3.600" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10185", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access control vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10185", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10185" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8019.json b/2016/8xxx/CVE-2016-8019.json index 65ca121fc08..7423cf6f6c9 100644 --- a/2016/8xxx/CVE-2016-8019.json +++ b/2016/8xxx/CVE-2016-8019.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VirusScan Enterprise Linux (VSEL)", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.3 (and earlier)" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VirusScan Enterprise Linux (VSEL)", + "version": { + "version_data": [ + { + "version_value": "2.0.3 (and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40911/" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" - }, - { - "name" : "94823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94823" - }, - { - "name" : "1037433", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94823" + }, + { + "name": "1037433", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037433" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10181" + }, + { + "name": "40911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40911/" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8558.json b/2016/8xxx/CVE-2016-8558.json index f901d4deb08..ca93330949f 100644 --- a/2016/8xxx/CVE-2016-8558.json +++ b/2016/8xxx/CVE-2016-8558.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8558", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8558", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9455.json b/2016/9xxx/CVE-2016-9455.json index 794a34f0e51..2021f6a3be9 100644 --- a/2016/9xxx/CVE-2016-9455.json +++ b/2016/9xxx/CVE-2016-9455.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Revive Adserver All versions before 3.2.3", - "version" : { - "version_data" : [ - { - "version_value" : "Revive Adserver All versions before 3.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) (CWE-352)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Revive Adserver All versions before 3.2.3", + "version": { + "version_data": [ + { + "version_value": "Revive Adserver All versions before 3.2.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45", - "refsource" : "MISC", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45" - }, - { - "name" : "https://hackerone.com/reports/97123", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/97123" - }, - { - "name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/", - "refsource" : "MISC", - "url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/" - }, - { - "name" : "83964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/97123", + "refsource": "MISC", + "url": "https://hackerone.com/reports/97123" + }, + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45", + "refsource": "MISC", + "url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45" + }, + { + "name": "83964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83964" + }, + { + "name": "https://www.revive-adserver.com/security/revive-sa-2016-001/", + "refsource": "MISC", + "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9832.json b/2016/9xxx/CVE-2016-9832.json index d39cb83ef55..f09f5d67e35 100644 --- a/2016/9xxx/CVE-2016-9832.json +++ b/2016/9xxx/CVE-2016-9832.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161207 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539883/100/0/threaded" - }, - { - "name" : "20161209 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Dec/33" - }, - { - "name" : "http://www.securityfocus.com/archive/1/539883/30/0/threaded", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/archive/1/539883/30/0/threaded" - }, - { - "name" : "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security", - "refsource" : "MISC", - "url" : "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security" - }, - { - "name" : "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html" - }, - { - "name" : "94733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/archive/1/539883/30/0/threaded", + "refsource": "MISC", + "url": "http://www.securityfocus.com/archive/1/539883/30/0/threaded" + }, + { + "name": "94733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94733" + }, + { + "name": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140062/PwC-ACE-Software-For-SAP-Security-8.10.304-ABAP-Injection.html" + }, + { + "name": "20161209 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Dec/33" + }, + { + "name": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security", + "refsource": "MISC", + "url": "https://www.esnc.de/security-advisories/vulnerability-in-pwc-ace-for-sap-security" + }, + { + "name": "20161207 [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539883/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2069.json b/2019/2xxx/CVE-2019-2069.json index adf7662ee6a..98f324ddde7 100644 --- a/2019/2xxx/CVE-2019-2069.json +++ b/2019/2xxx/CVE-2019-2069.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2069", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2069", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2113.json b/2019/2xxx/CVE-2019-2113.json index 1f03e661e43..f097acbf4aa 100644 --- a/2019/2xxx/CVE-2019-2113.json +++ b/2019/2xxx/CVE-2019-2113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2449.json b/2019/2xxx/CVE-2019-2449.json index a865999cc4b..eacfcf1cb95 100644 --- a/2019/2xxx/CVE-2019-2449.json +++ b/2019/2xxx/CVE-2019-2449.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 8u192" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 8u192" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0001/" - }, - { - "name" : "RHSA-2019:0469", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0469" - }, - { - "name" : "RHSA-2019:0472", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0472" - }, - { - "name" : "106597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106597" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0001/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "RHSA-2019:0469", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0469" + }, + { + "name": "RHSA-2019:0472", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0472" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2479.json b/2019/2xxx/CVE-2019-2479.json index 4683c4a52f3..831ffef2672 100644 --- a/2019/2xxx/CVE-2019-2479.json +++ b/2019/2xxx/CVE-2019-2479.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106569" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2924.json b/2019/2xxx/CVE-2019-2924.json index 61443dd273d..d6a6c1203b0 100644 --- a/2019/2xxx/CVE-2019-2924.json +++ b/2019/2xxx/CVE-2019-2924.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2924", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2924", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6323.json b/2019/6xxx/CVE-2019-6323.json index 5ee40e88ac8..c59165e3766 100644 --- a/2019/6xxx/CVE-2019-6323.json +++ b/2019/6xxx/CVE-2019-6323.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6323", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6323", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6981.json b/2019/6xxx/CVE-2019-6981.json index fa8c9c68d1b..43c635f69e7 100644 --- a/2019/6xxx/CVE-2019-6981.json +++ b/2019/6xxx/CVE-2019-6981.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6981", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6981", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file