From d942896aadc31802186d6481a61ad5739841c262 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:13:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5071.json | 170 ++++++------- 2006/5xxx/CVE-2006-5873.json | 190 +++++++------- 2007/2xxx/CVE-2007-2128.json | 200 +++++++-------- 2007/2xxx/CVE-2007-2281.json | 180 +++++++------- 2007/2xxx/CVE-2007-2332.json | 150 +++++------ 2007/3xxx/CVE-2007-3103.json | 330 ++++++++++++------------- 2007/3xxx/CVE-2007-3421.json | 140 +++++------ 2007/3xxx/CVE-2007-3592.json | 160 ++++++------ 2007/3xxx/CVE-2007-3956.json | 160 ++++++------ 2007/6xxx/CVE-2007-6260.json | 170 ++++++------- 2007/6xxx/CVE-2007-6307.json | 170 ++++++------- 2007/6xxx/CVE-2007-6620.json | 150 +++++------ 2010/0xxx/CVE-2010-0013.json | 350 +++++++++++++------------- 2010/0xxx/CVE-2010-0275.json | 160 ++++++------ 2010/0xxx/CVE-2010-0307.json | 400 +++++++++++++++--------------- 2010/0xxx/CVE-2010-0329.json | 150 +++++------ 2010/1xxx/CVE-2010-1306.json | 160 ++++++------ 2010/1xxx/CVE-2010-1781.json | 270 ++++++++++---------- 2010/1xxx/CVE-2010-1895.json | 140 +++++------ 2010/1xxx/CVE-2010-1949.json | 130 +++++----- 2014/0xxx/CVE-2014-0078.json | 130 +++++----- 2014/0xxx/CVE-2014-0139.json | 280 ++++++++++----------- 2014/0xxx/CVE-2014-0344.json | 130 +++++----- 2014/0xxx/CVE-2014-0670.json | 180 +++++++------- 2014/0xxx/CVE-2014-0948.json | 130 +++++----- 2014/1xxx/CVE-2014-1269.json | 150 +++++------ 2014/1xxx/CVE-2014-1487.json | 440 ++++++++++++++++----------------- 2014/1xxx/CVE-2014-1762.json | 160 ++++++------ 2014/1xxx/CVE-2014-1923.json | 34 +-- 2014/4xxx/CVE-2014-4075.json | 160 ++++++------ 2014/4xxx/CVE-2014-4547.json | 130 +++++----- 2014/4xxx/CVE-2014-4550.json | 34 +-- 2014/4xxx/CVE-2014-4582.json | 120 ++++----- 2014/4xxx/CVE-2014-4909.json | 270 ++++++++++---------- 2014/5xxx/CVE-2014-5901.json | 140 +++++------ 2014/5xxx/CVE-2014-5924.json | 140 +++++------ 2016/10xxx/CVE-2016-10092.json | 190 +++++++------- 2016/10xxx/CVE-2016-10245.json | 34 +-- 2016/10xxx/CVE-2016-10690.json | 122 ++++----- 2016/10xxx/CVE-2016-10717.json | 160 ++++++------ 2016/3xxx/CVE-2016-3022.json | 220 ++++++++--------- 2016/3xxx/CVE-2016-3542.json | 150 +++++------ 2016/3xxx/CVE-2016-3822.json | 150 +++++------ 2016/3xxx/CVE-2016-3830.json | 140 +++++------ 2016/7xxx/CVE-2016-7240.json | 150 +++++------ 2016/8xxx/CVE-2016-8138.json | 34 +-- 2016/8xxx/CVE-2016-8461.json | 130 +++++----- 2016/8xxx/CVE-2016-8985.json | 34 +-- 2016/9xxx/CVE-2016-9019.json | 150 +++++------ 2016/9xxx/CVE-2016-9072.json | 152 ++++++------ 2016/9xxx/CVE-2016-9201.json | 140 +++++------ 2016/9xxx/CVE-2016-9230.json | 34 +-- 2016/9xxx/CVE-2016-9241.json | 34 +-- 2019/2xxx/CVE-2019-2085.json | 34 +-- 2019/2xxx/CVE-2019-2164.json | 34 +-- 2019/2xxx/CVE-2019-2258.json | 34 +-- 2019/2xxx/CVE-2019-2936.json | 34 +-- 2019/6xxx/CVE-2019-6297.json | 34 +-- 2019/6xxx/CVE-2019-6903.json | 34 +-- 59 files changed, 4393 insertions(+), 4393 deletions(-) diff --git a/2006/5xxx/CVE-2006-5071.json b/2006/5xxx/CVE-2006-5071.json index 516956d2647..2490b6f0fb8 100644 --- a/2006/5xxx/CVE-2006-5071.json +++ b/2006/5xxx/CVE-2006-5071.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html", - "refsource" : "CONFIRM", - "url" : "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490" - }, - { - "name" : "20213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20213" - }, - { - "name" : "ADV-2006-3780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3780" - }, - { - "name" : "22117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22117" - }, - { - "name" : "eyeos-unspecified-xss(29190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22117" + }, + { + "name": "20213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20213" + }, + { + "name": "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html", + "refsource": "CONFIRM", + "url": "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html" + }, + { + "name": "eyeos-unspecified-xss(29190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29190" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490" + }, + { + "name": "ADV-2006-3780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3780" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5873.json b/2006/5xxx/CVE-2006-5873.json index 780dd367560..23c892b1f29 100644 --- a/2006/5xxx/CVE-2006-5873.json +++ b/2006/5xxx/CVE-2006-5873.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54", - "refsource" : "CONFIRM", - "url" : "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202" - }, - { - "name" : "DSA-1230", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1230" - }, - { - "name" : "21443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21443" - }, - { - "name" : "ADV-2006-4860", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4860" - }, - { - "name" : "23230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23230" - }, - { - "name" : "23333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23333" - }, - { - "name" : "l2tpns-heartbeat-dos(30732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23333" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202" + }, + { + "name": "23230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23230" + }, + { + "name": "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54", + "refsource": "CONFIRM", + "url": "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54" + }, + { + "name": "l2tpns-heartbeat-dos(30732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30732" + }, + { + "name": "DSA-1230", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1230" + }, + { + "name": "ADV-2006-4860", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4860" + }, + { + "name": "21443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21443" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2128.json b/2007/2xxx/CVE-2007-2128.json index c20fe5b2e9c..b0e32ac60d7 100644 --- a/2007/2xxx/CVE-2007-2128.json +++ b/2007/2xxx/CVE-2007-2128.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" - }, - { - "name" : "TA07-108A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" - }, - { - "name" : "23532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23532" - }, - { - "name" : "ADV-2007-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1426" - }, - { - "name" : "1017927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-108A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" + }, + { + "name": "23532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23532" + }, + { + "name": "1017927", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017927" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded" + }, + { + "name": "ADV-2007-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1426" + }, + { + "name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2281.json b/2007/2xxx/CVE-2007-2281.json index 4bcee67194e..ab611ae0e02 100644 --- a/2007/2xxx/CVE-2007-2281.json +++ b/2007/2xxx/CVE-2007-2281.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15" - }, - { - "name" : "HPSBMA02252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" - }, - { - "name" : "SSRT061258", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" - }, - { - "name" : "SSRT061259", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" - }, - { - "name" : "37386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37386" - }, - { - "name" : "1023361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023361" - }, - { - "name" : "ADV-2009-3594", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15" + }, + { + "name": "HPSBMA02252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2" + }, + { + "name": "SSRT061258", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2" + }, + { + "name": "1023361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023361" + }, + { + "name": "ADV-2009-3594", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3594" + }, + { + "name": "37386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37386" + }, + { + "name": "SSRT061259", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2332.json b/2007/2xxx/CVE-2007-2332.json index 8fff99d0e37..2f37792c7af 100644 --- a/2007/2xxx/CVE-2007-2332.json +++ b/2007/2xxx/CVE-2007-2332.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null", - "refsource" : "CONFIRM", - "url" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null" - }, - { - "name" : "23562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23562" - }, - { - "name" : "ADV-2007-1464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1464" - }, - { - "name" : "24962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23562" + }, + { + "name": "24962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24962" + }, + { + "name": "ADV-2007-1464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1464" + }, + { + "name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null", + "refsource": "CONFIRM", + "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3103.json b/2007/3xxx/CVE-2007-3103.json index a5c68890a93..6bb5a64b26b 100644 --- a/2007/3xxx/CVE-2007-3103.json +++ b/2007/3xxx/CVE-2007-3103.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070712 Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557" - }, - { - "name" : "20070717 rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473869/100/0/threaded" - }, - { - "name" : "5167", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5167" - }, - { - "name" : "http://bugzilla.redhat.com/242903", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/242903" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1485", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1485" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=185660", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=185660" - }, - { - "name" : "DSA-1342", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1342" - }, - { - "name" : "FEDORA-2009-3651", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html" - }, - { - "name" : "FEDORA-2009-3666", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.html" - }, - { - "name" : "GLSA-200710-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-11.xml" - }, - { - "name" : "RHSA-2007:0519", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0519.html" - }, - { - "name" : "RHSA-2007:0520", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0520.html" - }, - { - "name" : "24888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24888" - }, - { - "name" : "40945", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40945" - }, - { - "name" : "oval:org.mitre.oval:def:10802", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802" - }, - { - "name" : "1018375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018375" - }, - { - "name" : "26081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26081" - }, - { - "name" : "26282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26282" - }, - { - "name" : "26056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26056" - }, - { - "name" : "27240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27240" - }, - { - "name" : "35674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35674" - }, - { - "name" : "redhat-xfs-privilege-escalation(35375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10802", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802" + }, + { + "name": "35674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35674" + }, + { + "name": "24888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24888" + }, + { + "name": "RHSA-2007:0520", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0520.html" + }, + { + "name": "26081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26081" + }, + { + "name": "DSA-1342", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1342" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1485", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1485" + }, + { + "name": "27240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27240" + }, + { + "name": "26056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26056" + }, + { + "name": "20070717 rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473869/100/0/threaded" + }, + { + "name": "5167", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5167" + }, + { + "name": "1018375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018375" + }, + { + "name": "GLSA-200710-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-11.xml" + }, + { + "name": "FEDORA-2009-3666", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.html" + }, + { + "name": "http://bugzilla.redhat.com/242903", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/242903" + }, + { + "name": "redhat-xfs-privilege-escalation(35375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35375" + }, + { + "name": "20070712 Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557" + }, + { + "name": "26282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26282" + }, + { + "name": "RHSA-2007:0519", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0519.html" + }, + { + "name": "40945", + "refsource": "OSVDB", + "url": "http://osvdb.org/40945" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=185660", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=185660" + }, + { + "name": "FEDORA-2009-3651", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3421.json b/2007/3xxx/CVE-2007-3421.json index 8e43f49cd19..8221352f8d0 100644 --- a/2007/3xxx/CVE-2007-3421.json +++ b/2007/3xxx/CVE-2007-3421.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" - }, - { - "name" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" - }, - { - "name" : "45402", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45402", + "refsource": "OSVDB", + "url": "http://osvdb.org/45402" + }, + { + "name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3592.json b/2007/3xxx/CVE-2007-3592.json index 05fc9ef8bc5..8dbd5db86c6 100644 --- a/2007/3xxx/CVE-2007-3592.json +++ b/2007/3xxx/CVE-2007-3592.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118" - }, - { - "name" : "24763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24763" - }, - { - "name" : "37820", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37820" - }, - { - "name" : "25926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25926" - }, - { - "name" : "elite-pm-data-manipulation(35262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37820", + "refsource": "OSVDB", + "url": "http://osvdb.org/37820" + }, + { + "name": "25926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25926" + }, + { + "name": "elite-pm-data-manipulation(35262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35262" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118" + }, + { + "name": "24763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24763" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3956.json b/2007/3xxx/CVE-2007-3956.json index e00f5d22666..f58314c32c0 100644 --- a/2007/3xxx/CVE-2007-3956.json +++ b/2007/3xxx/CVE-2007-3956.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4205", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4205" - }, - { - "name" : "24977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24977" - }, - { - "name" : "38595", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38595" - }, - { - "name" : "26141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26141" - }, - { - "name" : "teamspeak-login-dos(35518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38595", + "refsource": "OSVDB", + "url": "http://osvdb.org/38595" + }, + { + "name": "4205", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4205" + }, + { + "name": "24977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24977" + }, + { + "name": "26141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26141" + }, + { + "name": "teamspeak-login-dos(35518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35518" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6260.json b/2007/6xxx/CVE-2007-6260.json index d125c832e64..ef74d5a7f50 100644 --- a/2007/6xxx/CVE-2007-6260.json +++ b/2007/6xxx/CVE-2007-6260.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071113 Oracle 11g/10g Installation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483652/100/200/threaded" - }, - { - "name" : "http://www.davidlitchfield.com/blog/archives/00000030.htm", - "refsource" : "MISC", - "url" : "http://www.davidlitchfield.com/blog/archives/00000030.htm" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf" - }, - { - "name" : "26425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26425" - }, - { - "name" : "43673", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43673" - }, - { - "name" : "3419", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.davidlitchfield.com/blog/archives/00000030.htm", + "refsource": "MISC", + "url": "http://www.davidlitchfield.com/blog/archives/00000030.htm" + }, + { + "name": "43673", + "refsource": "OSVDB", + "url": "http://osvdb.org/43673" + }, + { + "name": "3419", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3419" + }, + { + "name": "26425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26425" + }, + { + "name": "20071113 Oracle 11g/10g Installation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483652/100/200/threaded" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6307.json b/2007/6xxx/CVE-2007-6307.json index daab7b173ee..ce7573bbb6e 100644 --- a/2007/6xxx/CVE-2007-6307.json +++ b/2007/6xxx/CVE-2007-6307.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071207 [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484727/100/0/threaded" - }, - { - "name" : "http://www.timeprog.com/wwwstats/", - "refsource" : "CONFIRM", - "url" : "http://www.timeprog.com/wwwstats/" - }, - { - "name" : "26759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26759" - }, - { - "name" : "28002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28002" - }, - { - "name" : "3431", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3431" - }, - { - "name" : "wwwstats-clickstats-xss(38925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071207 [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484727/100/0/threaded" + }, + { + "name": "26759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26759" + }, + { + "name": "wwwstats-clickstats-xss(38925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38925" + }, + { + "name": "28002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28002" + }, + { + "name": "3431", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3431" + }, + { + "name": "http://www.timeprog.com/wwwstats/", + "refsource": "CONFIRM", + "url": "http://www.timeprog.com/wwwstats/" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6620.json b/2007/6xxx/CVE-2007-6620.json index 2e712fa4b50..361c654f4f8 100644 --- a/2007/6xxx/CVE-2007-6620.json +++ b/2007/6xxx/CVE-2007-6620.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4799", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4799" - }, - { - "name" : "27056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27056" - }, - { - "name" : "40153", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40153" - }, - { - "name" : "28231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28231" + }, + { + "name": "27056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27056" + }, + { + "name": "40153", + "refsource": "OSVDB", + "url": "http://osvdb.org/40153" + }, + { + "name": "4799", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4799" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0013.json b/2010/0xxx/CVE-2010-0013.json index b5978abc73a..342227db0f2 100644 --- a/2010/0xxx/CVE-2010-0013.json +++ b/2010/0xxx/CVE-2010-0013.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/02/1" - }, - { - "name" : "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/07/1" - }, - { - "name" : "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/01/07/2" - }, - { - "name" : "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467", - "refsource" : "MISC", - "url" : "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" - }, - { - "name" : "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f", - "refsource" : "MISC", - "url" : "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" - }, - { - "name" : "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html", - "refsource" : "MISC", - "url" : "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" - }, - { - "name" : "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810", - "refsource" : "CONFIRM", - "url" : "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=552483", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=552483" - }, - { - "name" : "FEDORA-2010-0368", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" - }, - { - "name" : "FEDORA-2010-0429", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" - }, - { - "name" : "MDVSA-2010:085", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" - }, - { - "name" : "277450", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" - }, - { - "name" : "1022203", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" - }, - { - "name" : "SUSE-SR:2010:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:10333", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" - }, - { - "name" : "oval:org.mitre.oval:def:17620", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" - }, - { - "name" : "37953", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37953" - }, - { - "name" : "37954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37954" - }, - { - "name" : "38915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38915" - }, - { - "name" : "37961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37961" - }, - { - "name" : "ADV-2009-3662", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3662" - }, - { - "name" : "ADV-2009-3663", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3663" - }, - { - "name" : "ADV-2010-1020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/02/1" + }, + { + "name": "37953", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37953" + }, + { + "name": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467", + "refsource": "MISC", + "url": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=552483", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552483" + }, + { + "name": "277450", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" + }, + { + "name": "37954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37954" + }, + { + "name": "MDVSA-2010:085", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" + }, + { + "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/07/1" + }, + { + "name": "oval:org.mitre.oval:def:17620", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" + }, + { + "name": "1022203", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" + }, + { + "name": "ADV-2009-3663", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3663" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" + }, + { + "name": "FEDORA-2010-0368", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" + }, + { + "name": "FEDORA-2010-0429", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" + }, + { + "name": "ADV-2010-1020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1020" + }, + { + "name": "SUSE-SR:2010:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:10333", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" + }, + { + "name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html", + "refsource": "MISC", + "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" + }, + { + "name": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f", + "refsource": "MISC", + "url": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" + }, + { + "name": "ADV-2009-3662", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3662" + }, + { + "name": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810", + "refsource": "CONFIRM", + "url": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" + }, + { + "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/01/07/2" + }, + { + "name": "37961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37961" + }, + { + "name": "38915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38915" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0275.json b/2010/0xxx/CVE-2010-0275.json index e065b5253bd..43de982fcfc 100644 --- a/2010/0xxx/CVE-2010-0275.json +++ b/2010/0xxx/CVE-2010-0275.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017776", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017776" - }, - { - "name" : "37675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37675" - }, - { - "name" : "38026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38026" - }, - { - "name" : "ADV-2010-0077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0077" - }, - { - "name" : "domino-script-command-unspecified(55471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38026" + }, + { + "name": "ADV-2010-0077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0077" + }, + { + "name": "domino-script-command-unspecified(55471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471" + }, + { + "name": "37675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37675" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0307.json b/2010/0xxx/CVE-2010-0307.json index 31453e91d24..bb43c8b2724 100644 --- a/2010/0xxx/CVE-2010-0307.json +++ b/2010/0xxx/CVE-2010-0307.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "[linux-mm] 20100128 DoS on x86_64", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-mm&m=126466407724382&w=2" - }, - { - "name" : "[oss-security] 20100201 CVE request - kernel: DoS on x86_64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/01/1" - }, - { - "name" : "[oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/01/5" - }, - { - "name" : "[oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/04/1" - }, - { - "name" : "[oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/04/9" - }, - { - "name" : "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html", - "refsource" : "MISC", - "url" : "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549" - }, - { - "name" : "http://marc.info/?t=126466700200002&r=1&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?t=126466700200002&r=1&w=2" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=560547", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=560547" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100088287", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100088287" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "DSA-1996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1996" - }, - { - "name" : "FEDORA-2010-1787", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" - }, - { - "name" : "MDVSA-2010:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066" - }, - { - "name" : "RHSA-2010:0146", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0146.html" - }, - { - "name" : "RHSA-2010:0398", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0398.html" - }, - { - "name" : "RHSA-2010:0771", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0771.html" - }, - { - "name" : "SUSE-SA:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" - }, - { - "name" : "USN-914-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-914-1" - }, - { - "name" : "38027", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38027" - }, - { - "name" : "oval:org.mitre.oval:def:10870", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870" - }, - { - "name" : "38492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38492" - }, - { - "name" : "38922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38922" - }, - { - "name" : "39649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39649" - }, - { - "name" : "38779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38779" - }, - { - "name" : "43315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43315" - }, - { - "name" : "ADV-2010-0638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10870", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549" + }, + { + "name": "[oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/01/5" + }, + { + "name": "USN-914-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-914-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=560547", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560547" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8" + }, + { + "name": "ADV-2010-0638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0638" + }, + { + "name": "[oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/04/1" + }, + { + "name": "RHSA-2010:0771", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html" + }, + { + "name": "RHSA-2010:0146", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0146.html" + }, + { + "name": "38779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38779" + }, + { + "name": "39649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39649" + }, + { + "name": "SUSE-SA:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" + }, + { + "name": "38922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38922" + }, + { + "name": "http://marc.info/?t=126466700200002&r=1&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?t=126466700200002&r=1&w=2" + }, + { + "name": "DSA-1996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1996" + }, + { + "name": "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html", + "refsource": "MISC", + "url": "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html" + }, + { + "name": "FEDORA-2010-1787", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" + }, + { + "name": "43315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43315" + }, + { + "name": "[linux-mm] 20100128 DoS on x86_64", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-mm&m=126466407724382&w=2" + }, + { + "name": "MDVSA-2010:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066" + }, + { + "name": "RHSA-2010:0398", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0398.html" + }, + { + "name": "[oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/04/9" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "[oss-security] 20100201 CVE request - kernel: DoS on x86_64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/01/1" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100088287", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100088287" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "38027", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38027" + }, + { + "name": "38492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38492" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0329.json b/2010/0xxx/CVE-2010-0329.json index 8c13dd01d7f..da688b2ea44 100644 --- a/2010/0xxx/CVE-2010-0329.json +++ b/2010/0xxx/CVE-2010-0329.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" - }, - { - "name" : "38167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38167" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" + }, + { + "name": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/" + }, + { + "name": "http://typo3.org/extensions/repository/view/powermail/1.5.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1306.json b/2010/1xxx/CVE-2010-1306.json index f8db61744cc..575a0f5333e 100644 --- a/2010/1xxx/CVE-2010-1306.json +++ b/2010/1xxx/CVE-2010-1306.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt" - }, - { - "name" : "12058", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12058" - }, - { - "name" : "39200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39200" - }, - { - "name" : "39338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39338" - }, - { - "name" : "picasa-controller-file-include(57508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "picasa-controller-file-include(57508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57508" + }, + { + "name": "39200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39200" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt" + }, + { + "name": "12058", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12058" + }, + { + "name": "39338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39338" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1781.json b/2010/1xxx/CVE-2010-1781.json index 16edbd3fac4..9b773db869c 100644 --- a/2010/1xxx/CVE-2010-1781.json +++ b/2010/1xxx/CVE-2010-1781.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4334", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4334" - }, - { - "name" : "http://support.apple.com/kb/HT4456", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4456" - }, - { - "name" : "APPLE-SA-2010-09-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-11-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "43077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43077" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "42314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42314" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - }, - { - "name" : "appleios-inline-elements-code-exec(61698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "appleios-inline-elements-code-exec(61698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "APPLE-SA-2010-09-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" + }, + { + "name": "43077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43077" + }, + { + "name": "http://support.apple.com/kb/HT4334", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4334" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42314" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "http://support.apple.com/kb/HT4456", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4456" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "APPLE-SA-2010-11-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1895.json b/2010/1xxx/CVE-2010-1895.json index eecb8660bf2..5a1cc2a4b8a 100644 --- a/2010/1xxx/CVE-2010-1895.json +++ b/2010/1xxx/CVE-2010-1895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka \"Win32k Pool Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11844", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka \"Win32k Pool Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "oval:org.mitre.oval:def:11844", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11844" + }, + { + "name": "MS10-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1949.json b/2010/1xxx/CVE-2010-1949.json index 968ca50ab93..bde850dc07e 100644 --- a/2010/1xxx/CVE-2010-1949.json +++ b/2010/1xxx/CVE-2010-1949.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12305", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12305" - }, - { - "name" : "39536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39536" + }, + { + "name": "12305", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12305" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0078.json b/2014/0xxx/CVE-2014-0078.json index af8d6a8e155..68f775f0689 100644 --- a/2014/0xxx/CVE-2014-0078.json +++ b/2014/0xxx/CVE-2014-0078.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064556", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064556" - }, - { - "name" : "RHSA-2014:0469", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0469.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0469", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0139.json b/2014/0xxx/CVE-2014-0139.json index 6e0ac3a7e7f..0af04ad655f 100644 --- a/2014/0xxx/CVE-2014-0139.json +++ b/2014/0xxx/CVE-2014-0139.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://curl.haxx.se/docs/adv_20140326B.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20140326B.html" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" - }, - { - "name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862", - "refsource" : "CONFIRM", - "url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0165.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0165.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675820", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675820" - }, - { - "name" : "DSA-2902", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2902" - }, - { - "name" : "MDVSA-2015:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:213" - }, - { - "name" : "openSUSE-SU-2014:0530", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html" - }, - { - "name" : "USN-2167-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2167-1" - }, - { - "name" : "57836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57836" - }, - { - "name" : "57966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57966" - }, - { - "name" : "57968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57968" - }, - { - "name" : "59458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59458" - }, - { - "name" : "58615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862", + "refsource": "CONFIRM", + "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "MDVSA-2015:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:213" + }, + { + "name": "57836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57836" + }, + { + "name": "http://curl.haxx.se/docs/adv_20140326B.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20140326B.html" + }, + { + "name": "DSA-2902", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2902" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" + }, + { + "name": "59458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59458" + }, + { + "name": "openSUSE-SU-2014:0530", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0165.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0165.html" + }, + { + "name": "58615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58615" + }, + { + "name": "57968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57968" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820" + }, + { + "name": "USN-2167-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2167-1" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" + }, + { + "name": "57966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57966" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0344.json b/2014/0xxx/CVE-2014-0344.json index c2b0a3cef86..33ab7c386a5 100644 --- a/2014/0xxx/CVE-2014-0344.json +++ b/2014/0xxx/CVE-2014-0344.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#140886", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/140886" - }, - { - "name" : "66499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66499" + }, + { + "name": "VU#140886", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/140886" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0670.json b/2014/0xxx/CVE-2014-0670.json index 66ce3f9dd08..99e02aeb534 100644 --- a/2014/0xxx/CVE-2014-0670.json +++ b/2014/0xxx/CVE-2014-0670.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514" - }, - { - "name" : "20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670" - }, - { - "name" : "65053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65053" - }, - { - "name" : "102319", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102319" - }, - { - "name" : "1029667", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029667" - }, - { - "name" : "56563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56563" - }, - { - "name" : "cisco-mediasense-cve20140670-xss(90615)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029667", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029667" + }, + { + "name": "56563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56563" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514" + }, + { + "name": "20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670" + }, + { + "name": "102319", + "refsource": "OSVDB", + "url": "http://osvdb.org/102319" + }, + { + "name": "65053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65053" + }, + { + "name": "cisco-mediasense-cve20140670-xss(90615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90615" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0948.json b/2014/0xxx/CVE-2014-0948.json index 9f6866fcecf..05c6d3260c7 100644 --- a/2014/0xxx/CVE-2014-0948.json +++ b/2014/0xxx/CVE-2014-0948.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678323", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678323" - }, - { - "name" : "ibm-rsadm-cve20140948-zip(92621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323" + }, + { + "name": "ibm-rsadm-cve20140948-zip(92621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1269.json b/2014/1xxx/CVE-2014-1269.json index 7dc64d152d8..55c8aea1edf 100644 --- a/2014/1xxx/CVE-2014-1269.json +++ b/2014/1xxx/CVE-2014-1269.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6145", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6145" - }, - { - "name" : "http://support.apple.com/kb/HT6162", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6162" - }, - { - "name" : "http://support.apple.com/kb/HT6163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6163" - }, - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6145", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6145" + }, + { + "name": "http://support.apple.com/kb/HT6163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6163" + }, + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "http://support.apple.com/kb/HT6162", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6162" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1487.json b/2014/1xxx/CVE-2014-1487.json index 9360fcb6d1c..9036db9719f 100644 --- a/2014/1xxx/CVE-2014-1487.json +++ b/2014/1xxx/CVE-2014-1487.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2014-1487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=947592", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=947592" - }, - { - "name" : "https://8pecxstudios.com/?page_id=44080", - "refsource" : "CONFIRM", - "url" : "https://8pecxstudios.com/?page_id=44080" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" - }, - { - "name" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" - }, - { - "name" : "DSA-2858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2858" - }, - { - "name" : "FEDORA-2014-2041", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" - }, - { - "name" : "FEDORA-2014-2083", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2014:0132", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0132.html" - }, - { - "name" : "RHSA-2014:0133", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0133.html" - }, - { - "name" : "SUSE-SU-2014:0248", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2014:0212", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:0213", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" - }, - { - "name" : "openSUSE-SU-2014:0419", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" - }, - { - "name" : "USN-2102-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-1" - }, - { - "name" : "USN-2102-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2102-2" - }, - { - "name" : "USN-2119-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2119-1" - }, - { - "name" : "65330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65330" - }, - { - "name" : "102873", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102873" - }, - { - "name" : "1029717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029717" - }, - { - "name" : "1029720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029720" - }, - { - "name" : "1029721", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029721" - }, - { - "name" : "56706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56706" - }, - { - "name" : "56761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56761" - }, - { - "name" : "56763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56763" - }, - { - "name" : "56767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56767" - }, - { - "name" : "56787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56787" - }, - { - "name" : "56858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56858" - }, - { - "name" : "56888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56888" - }, - { - "name" : "56922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56922" - }, - { - "name" : "mozilla-cve20141487-info-disc(90889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2119-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2119-1" + }, + { + "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" + }, + { + "name": "1029721", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029721" + }, + { + "name": "openSUSE-SU-2014:0212", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592" + }, + { + "name": "1029717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029717" + }, + { + "name": "65330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65330" + }, + { + "name": "mozilla-cve20141487-info-disc(90889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889" + }, + { + "name": "https://8pecxstudios.com/?page_id=44080", + "refsource": "CONFIRM", + "url": "https://8pecxstudios.com/?page_id=44080" + }, + { + "name": "RHSA-2014:0132", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" + }, + { + "name": "56922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56922" + }, + { + "name": "56787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56787" + }, + { + "name": "1029720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029720" + }, + { + "name": "56858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56858" + }, + { + "name": "DSA-2858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2858" + }, + { + "name": "56763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56763" + }, + { + "name": "USN-2102-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-2" + }, + { + "name": "102873", + "refsource": "OSVDB", + "url": "http://osvdb.org/102873" + }, + { + "name": "RHSA-2014:0133", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" + }, + { + "name": "56888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56888" + }, + { + "name": "FEDORA-2014-2083", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" + }, + { + "name": "openSUSE-SU-2014:0419", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" + }, + { + "name": "56761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56761" + }, + { + "name": "FEDORA-2014-2041", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" + }, + { + "name": "SUSE-SU-2014:0248", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" + }, + { + "name": "openSUSE-SU-2014:0213", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" + }, + { + "name": "USN-2102-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2102-1" + }, + { + "name": "56767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56767" + }, + { + "name": "56706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56706" + }, + { + "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1762.json b/2014/1xxx/CVE-2014-1762.json index d1f859792d6..6fced95965c 100644 --- a/2014/1xxx/CVE-2014-1762.json +++ b/2014/1xxx/CVE-2014-1762.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://twitter.com/thezdi/statuses/443810610958958592", - "refsource" : "MISC", - "url" : "http://twitter.com/thezdi/statuses/443810610958958592" - }, - { - "name" : "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/", - "refsource" : "MISC", - "url" : "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" - }, - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67511" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67511" + }, + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/", + "refsource": "MISC", + "url": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "http://twitter.com/thezdi/statuses/443810610958958592", + "refsource": "MISC", + "url": "http://twitter.com/thezdi/statuses/443810610958958592" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1923.json b/2014/1xxx/CVE-2014-1923.json index dacfc2967f8..ea12822d2b0 100644 --- a/2014/1xxx/CVE-2014-1923.json +++ b/2014/1xxx/CVE-2014-1923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4075.json b/2014/4xxx/CVE-2014-4075.json index 5e84fd64fcc..9889ad5c7fd 100644 --- a/2014/4xxx/CVE-2014-4075.json +++ b/2014/4xxx/CVE-2014-4075.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-4075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx" - }, - { - "name" : "MS14-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059" - }, - { - "name" : "70352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70352" - }, - { - "name" : "1031023", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031023" - }, - { - "name" : "60971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx" + }, + { + "name": "60971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60971" + }, + { + "name": "1031023", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031023" + }, + { + "name": "MS14-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059" + }, + { + "name": "70352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70352" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4547.json b/2014/4xxx/CVE-2014-4547.json index f775e60b88e..d88659a6cd5 100644 --- a/2014/4xxx/CVE-2014-4547.json +++ b/2014/4xxx/CVE-2014-4547.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500", - "refsource" : "MISC", - "url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500", + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500" + }, + { + "name": "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4550.json b/2014/4xxx/CVE-2014-4550.json index 4d1a907c1d2..5630e635b6a 100644 --- a/2014/4xxx/CVE-2014-4550.json +++ b/2014/4xxx/CVE-2014-4550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4582.json b/2014/4xxx/CVE-2014-4582.json index f5471927af0..ca1c34796c0 100644 --- a/2014/4xxx/CVE-2014-4582.json +++ b/2014/4xxx/CVE-2014-4582.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4909.json b/2014/4xxx/CVE-2014-4909.json index c2d237caf9b..8cd4306a903 100644 --- a/2014/4xxx/CVE-2014-4909.json +++ b/2014/4xxx/CVE-2014-4909.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140710 CVE request: transmission peer communication vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/10/4" - }, - { - "name" : "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/11/5" - }, - { - "name" : "http://inertiawar.com/submission.go", - "refsource" : "MISC", - "url" : "http://inertiawar.com/submission.go" - }, - { - "name" : "https://twitter.com/benhawkes/statuses/484378151959539712", - "refsource" : "MISC", - "url" : "https://twitter.com/benhawkes/statuses/484378151959539712" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=516822", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=516822" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1118290" - }, - { - "name" : "https://trac.transmissionbt.com/wiki/Changes#version-2.84", - "refsource" : "CONFIRM", - "url" : "https://trac.transmissionbt.com/wiki/Changes#version-2.84" - }, - { - "name" : "DSA-2988", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2988" - }, - { - "name" : "FEDORA-2014-8331", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html" - }, - { - "name" : "openSUSE-SU-2014:0980", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html" - }, - { - "name" : "USN-2279-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2279-1" - }, - { - "name" : "68487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68487" - }, - { - "name" : "108997", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/108997" - }, - { - "name" : "59897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59897" - }, - { - "name" : "60108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60108" - }, - { - "name" : "60527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-8331", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html" + }, + { + "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84", + "refsource": "CONFIRM", + "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84" + }, + { + "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4" + }, + { + "name": "68487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68487" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=516822", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822" + }, + { + "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5" + }, + { + "name": "60108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60108" + }, + { + "name": "60527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60527" + }, + { + "name": "59897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59897" + }, + { + "name": "DSA-2988", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2988" + }, + { + "name": "http://inertiawar.com/submission.go", + "refsource": "MISC", + "url": "http://inertiawar.com/submission.go" + }, + { + "name": "USN-2279-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2279-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290" + }, + { + "name": "https://twitter.com/benhawkes/statuses/484378151959539712", + "refsource": "MISC", + "url": "https://twitter.com/benhawkes/statuses/484378151959539712" + }, + { + "name": "openSUSE-SU-2014:0980", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html" + }, + { + "name": "108997", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/108997" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5901.json b/2014/5xxx/CVE-2014-5901.json index 29d43d24816..a2ded5e7320 100644 --- a/2014/5xxx/CVE-2014-5901.json +++ b/2014/5xxx/CVE-2014-5901.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#433425", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/433425" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#433425", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/433425" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5924.json b/2014/5xxx/CVE-2014-5924.json index 9bec6520c45..61772706741 100644 --- a/2014/5xxx/CVE-2014-5924.json +++ b/2014/5xxx/CVE-2014-5924.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#775569", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/775569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#775569", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/775569" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10092.json b/2016/10xxx/CVE-2016-10092.json index dc1453b40f5..3ebbb852915 100644 --- a/2016/10xxx/CVE-2016-10092.json +++ b/2016/10xxx/CVE-2016-10092.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/01/12" - }, - { - "name" : "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/01/10" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2620", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2620" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2622", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2622" - }, - { - "name" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", - "refsource" : "CONFIRM", - "url" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" - }, - { - "name" : "DSA-3762", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3762" - }, - { - "name" : "95218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2620", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2620" + }, + { + "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2622", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2622" + }, + { + "name": "95218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95218" + }, + { + "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10" + }, + { + "name": "DSA-3762", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3762" + }, + { + "name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", + "refsource": "CONFIRM", + "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10245.json b/2016/10xxx/CVE-2016-10245.json index 5238e91f1ed..3210826cbcc 100644 --- a/2016/10xxx/CVE-2016-10245.json +++ b/2016/10xxx/CVE-2016-10245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10690.json b/2016/10xxx/CVE-2016-10690.json index 12f16ac8ada..07cac75cd71 100644 --- a/2016/10xxx/CVE-2016-10690.json +++ b/2016/10xxx/CVE-2016-10690.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openframe-ascii-image node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openframe-ascii-image node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/298", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/298", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/298" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10717.json b/2016/10xxx/CVE-2016-10717.json index 8293efcdfcf..6a822c386ce 100644 --- a/2016/10xxx/CVE-2016-10717.json +++ b/2016/10xxx/CVE-2016-10717.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securitytube.net/video/16690", - "refsource" : "MISC", - "url" : "http://www.securitytube.net/video/16690" - }, - { - "name" : "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/", - "refsource" : "MISC", - "url" : "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/" - }, - { - "name" : "https://github.com/mspaling/mbam-exclusions-poc-", - "refsource" : "MISC", - "url" : "https://github.com/mspaling/mbam-exclusions-poc-" - }, - { - "name" : "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt", - "refsource" : "MISC", - "url" : "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt" - }, - { - "name" : "https://www.youtube.com/watch?v=LF5ic5nOoUY", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=LF5ic5nOoUY" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=LF5ic5nOoUY", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY" + }, + { + "name": "http://www.securitytube.net/video/16690", + "refsource": "MISC", + "url": "http://www.securitytube.net/video/16690" + }, + { + "name": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt", + "refsource": "MISC", + "url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt" + }, + { + "name": "https://github.com/mspaling/mbam-exclusions-poc-", + "refsource": "MISC", + "url": "https://github.com/mspaling/mbam-exclusions-poc-" + }, + { + "name": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/", + "refsource": "MISC", + "url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3022.json b/2016/3xxx/CVE-2016-3022.json index b33e0d9501d..73fec64bfa3 100644 --- a/2016/3xxx/CVE-2016-3022.json +++ b/2016/3xxx/CVE-2016-3022.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-3022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-3022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21995360", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21995360" - }, - { - "name" : "96130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96130" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21995360", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21995360" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3542.json b/2016/3xxx/CVE-2016-3542.json index b2e95129c5c..8e2f104c360 100644 --- a/2016/3xxx/CVE-2016-3542.json +++ b/2016/3xxx/CVE-2016-3542.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-3542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91873" - }, - { - "name" : "1036403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91873" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "1036403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036403" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3822.json b/2016/3xxx/CVE-2016-3822.json index d6ea7cbc55d..0a0d217c8c4 100644 --- a/2016/3xxx/CVE-2016-3822.json +++ b/2016/3xxx/CVE-2016-3822.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b" - }, - { - "name" : "DSA-3825", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3825" - }, - { - "name" : "92226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92226" + }, + { + "name": "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b" + }, + { + "name": "DSA-3825", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3825" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3830.json b/2016/3xxx/CVE-2016-3830.json index ddeaf1cbe49..00377be800f 100644 --- a/2016/3xxx/CVE-2016-3830.json +++ b/2016/3xxx/CVE-2016-3830.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06" - }, - { - "name" : "92221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06" + }, + { + "name": "92221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92221" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7240.json b/2016/7xxx/CVE-2016-7240.json index b4d5f367afd..8e65648b17f 100644 --- a/2016/7xxx/CVE-2016-7240.json +++ b/2016/7xxx/CVE-2016-7240.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40773/" - }, - { - "name" : "MS16-129", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" - }, - { - "name" : "94046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94046" - }, - { - "name" : "1037245", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-129", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" + }, + { + "name": "40773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40773/" + }, + { + "name": "94046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94046" + }, + { + "name": "1037245", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037245" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8138.json b/2016/8xxx/CVE-2016-8138.json index 53264dd9a68..63b3f84f644 100644 --- a/2016/8xxx/CVE-2016-8138.json +++ b/2016/8xxx/CVE-2016-8138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8461.json b/2016/8xxx/CVE-2016-8461.json index 656a30fb10d..2b6300f6aaa 100644 --- a/2016/8xxx/CVE-2016-8461.json +++ b/2016/8xxx/CVE-2016-8461.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-8461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android Kernel-3.18", - "version" : { - "version_data" : [ - { - "version_value" : "Android Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-8461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android Kernel-3.18", + "version": { + "version_data": [ + { + "version_value": "Android Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95237" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8985.json b/2016/8xxx/CVE-2016-8985.json index eae8755a882..cf567a94c7d 100644 --- a/2016/8xxx/CVE-2016-8985.json +++ b/2016/8xxx/CVE-2016-8985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8985", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8985", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9019.json b/2016/9xxx/CVE-2016-9019.json index a2035f0b1bf..1ba6009f438 100644 --- a/2016/9xxx/CVE-2016-9019.json +++ b/2016/9xxx/CVE-2016-9019.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161102 Disclose [10 * cve] in Exponent CMS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Nov/12" - }, - { - "name" : "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591", - "refsource" : "MISC", - "url" : "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591" - }, - { - "name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" - }, - { - "name" : "97240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" + }, + { + "name": "20161102 Disclose [10 * cve] in Exponent CMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Nov/12" + }, + { + "name": "97240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97240" + }, + { + "name": "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591", + "refsource": "MISC", + "url": "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9072.json b/2016/9xxx/CVE-2016-9072.json index 794363280ad..c3dbf6f27ef 100644 --- a/2016/9xxx/CVE-2016-9072.json +++ b/2016/9xxx/CVE-2016-9072.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2016-9072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "50" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "64-bit NPAPI sandbox isn't enabled on fresh profile" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-9072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "50" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" - }, - { - "name" : "94337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94337" - }, - { - "name" : "1037298", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "64-bit NPAPI sandbox isn't enabled on fresh profile" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94337" + }, + { + "name": "1037298", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037298" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9201.json b/2016/9xxx/CVE-2016-9201.json index 4f97a2547ff..b67836f2d24 100644 --- a/2016/9xxx/CVE-2016-9201.json +++ b/2016/9xxx/CVE-2016-9201.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf" - }, - { - "name" : "94811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94811" - }, - { - "name" : "1037419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94811" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf" + }, + { + "name": "1037419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037419" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9230.json b/2016/9xxx/CVE-2016-9230.json index ec4d48ef2c7..cca802297c9 100644 --- a/2016/9xxx/CVE-2016-9230.json +++ b/2016/9xxx/CVE-2016-9230.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9230", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9230", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9241.json b/2016/9xxx/CVE-2016-9241.json index 59e22dba462..6e59da0099d 100644 --- a/2016/9xxx/CVE-2016-9241.json +++ b/2016/9xxx/CVE-2016-9241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9241", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9241", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2085.json b/2019/2xxx/CVE-2019-2085.json index ee58b27d824..d79310e6def 100644 --- a/2019/2xxx/CVE-2019-2085.json +++ b/2019/2xxx/CVE-2019-2085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2164.json b/2019/2xxx/CVE-2019-2164.json index 1b23e2bb889..89699c77e56 100644 --- a/2019/2xxx/CVE-2019-2164.json +++ b/2019/2xxx/CVE-2019-2164.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2164", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2258.json b/2019/2xxx/CVE-2019-2258.json index fc9e0982863..1c103a479fd 100644 --- a/2019/2xxx/CVE-2019-2258.json +++ b/2019/2xxx/CVE-2019-2258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2936.json b/2019/2xxx/CVE-2019-2936.json index fd2ea64eede..ae818f9d981 100644 --- a/2019/2xxx/CVE-2019-2936.json +++ b/2019/2xxx/CVE-2019-2936.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2936", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2936", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6297.json b/2019/6xxx/CVE-2019-6297.json index 7538bbee2f9..c04cc461c7a 100644 --- a/2019/6xxx/CVE-2019-6297.json +++ b/2019/6xxx/CVE-2019-6297.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6903.json b/2019/6xxx/CVE-2019-6903.json index f88c0f759d6..e544e8b7d76 100644 --- a/2019/6xxx/CVE-2019-6903.json +++ b/2019/6xxx/CVE-2019-6903.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6903", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file