diff --git a/2006/5xxx/CVE-2006-5813.json b/2006/5xxx/CVE-2006-5813.json
index 180c8ed28a5..de09f223dc8 100644
--- a/2006/5xxx/CVE-2006-5813.json
+++ b/2006/5xxx/CVE-2006-5813.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a \"Novell eDirectory 8.8 DoS.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gleg.net/vulndisco_meta.shtml", - "refsource" : "MISC", - "url" : "http://gleg.net/vulndisco_meta.shtml" - }, - { - "name" : "1017169", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017169" - }, - { - "name" : "novell-edirectory-dos(30149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Novell 
eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a \"Novell eDirectory 8.8 DoS.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gleg.net/vulndisco_meta.shtml", + "refsource": "MISC", + "url": "http://gleg.net/vulndisco_meta.shtml" + }, + { + "name": "1017169", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017169" + }, + { + "name": "novell-edirectory-dos(30149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30149" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2148.json b/2007/2xxx/CVE-2007-2148.json index 6c54ce4034f..570f52dc0f4 100644 --- a/2007/2xxx/CVE-2007-2148.json +++ b/2007/2xxx/CVE-2007-2148.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070412 Chatness <= 2.5.3 - Arbitrary Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465547/100/0/threaded" - }, - { - "name" : "ADV-2007-1386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1386" - }, - { - "name" : "24873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24873" - }, - { - "name" : "2595", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/2595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070412 Chatness <= 2.5.3 - Arbitrary Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465547/100/0/threaded" + }, + { + "name": "24873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24873" + }, + { + "name": "ADV-2007-1386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1386" + }, + { + "name": "2595", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2595" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2213.json b/2007/2xxx/CVE-2007-2213.json index 6ecda3ad9d8..96b290765a6 100644 --- a/2007/2xxx/CVE-2007-2213.json +++ b/2007/2xxx/CVE-2007-2213.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to \"improper arguments.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070421 WS_FTP Home 2007 NetscapeFTPHandler denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466576/100/0/threaded" - }, - { - "name" : "20070422 Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466647/100/0/threaded" - }, - { - "name" : "23584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23584" - }, - { - "name" : "wsftp-netscapeftphandler-dos(33846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to \"improper arguments.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070422 Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466647/100/0/threaded" + }, + { + "name": "20070421 WS_FTP Home 2007 NetscapeFTPHandler denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466576/100/0/threaded" + }, + { + "name": "23584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23584" + }, + { + "name": "wsftp-netscapeftphandler-dos(33846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33846" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2702.json b/2007/2xxx/CVE-2007-2702.json index 7122c43cc6d..ff56f985bdd 100644 --- a/2007/2xxx/CVE-2007-2702.json +++ b/2007/2xxx/CVE-2007-2702.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-166.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/235" - }, - { - "name" : "ADV-2007-1815", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1815" - }, - { - "name" : "36066", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36066" - }, - { - "name" : "1018060", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018060" - }, - { - "name" : "25284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25284" - }, - { - "name" : "weblogic-portal-groupspace-xss(34283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblogic-portal-groupspace-xss(34283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283" + }, + { + "name": "25284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25284" + }, + { + "name": "36066", + "refsource": "OSVDB", + "url": "http://osvdb.org/36066" + }, + { + "name": "BEA07-166.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/235" + }, + { + "name": "1018060", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018060" + }, + { + "name": "ADV-2007-1815", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1815" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3352.json b/2007/3xxx/CVE-2007-3352.json index 85caac05b8e..29e89437831 100644 --- a/2007/3xxx/CVE-2007-3352.json +++ b/2007/3xxx/CVE-2007-3352.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.ostermiller.com/show_bug.cgi?id=151", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.ostermiller.com/show_bug.cgi?id=151" - }, - { - "name" : "http://ostermiller.org/contactform/", - "refsource" : "CONFIRM", - "url" : "http://ostermiller.org/contactform/" - }, - { - "name" : "20070620 bit amusing (Contact Form 2.00.02)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-June/001669.html" - }, - { - "name" : "24559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24559" - }, - { - "name" : "ADV-2007-2333", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2333" - }, - { - "name" : "36372", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/36372" - }, - { - "name" : "25812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25812" - }, - { - "name" : "contactform-apostrophe-xss(34962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ostermiller.org/contactform/", + "refsource": "CONFIRM", + "url": "http://ostermiller.org/contactform/" + }, + { + "name": "36372", + "refsource": "OSVDB", + "url": "http://osvdb.org/36372" + }, + { + "name": "24559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24559" + }, + { + "name": "ADV-2007-2333", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2333" + }, + { + "name": "http://bugzilla.ostermiller.com/show_bug.cgi?id=151", + "refsource": "CONFIRM", + "url": "http://bugzilla.ostermiller.com/show_bug.cgi?id=151" + }, + { + "name": "contactform-apostrophe-xss(34962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34962" + }, + { + "name": "20070620 bit amusing (Contact Form 2.00.02)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-June/001669.html" + }, + { + "name": "25812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25812" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/3xxx/CVE-2007-3439.json b/2007/3xxx/CVE-2007-3439.json
index 1b8141c6be3..7bd18c3a81c 100644
--- a/2007/3xxx/CVE-2007-3439.json
+++ b/2007/3xxx/CVE-2007-3439.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&", - "refsource" : "MISC", - "url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&" - }, - { - "name" : "24532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24532" - }, - { - "name" : "37753", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37753" - }, - { - "name" : "25840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Snom 320 SIP Phone, running 
snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&", + "refsource": "MISC", + "url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=275&" + }, + { + "name": "25840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25840" + }, + { + "name": "24532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24532" + }, + { + "name": "37753", + "refsource": "OSVDB", + "url": "http://osvdb.org/37753" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3496.json b/2007/3xxx/CVE-2007-3496.json index 0ce2502b51b..0ea0ac1874b 100644 --- a/2007/3xxx/CVE-2007-3496.json +++ b/2007/3xxx/CVE-2007-3496.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070627 SAP Web Dynpro Java (BC-WD-JAV) Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472341/100/0/threaded" - }, - { - "name" : "http://www.csnc.ch/advisory/sap01.html", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/advisory/sap01.html" - }, - { - "name" : "ADV-2007-2381", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2381" - }, - { - "name" : "37748", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37748" - }, - { - "name" : "25866", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/25866" - }, - { - "name" : "2850", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.csnc.ch/advisory/sap01.html", + "refsource": "MISC", + "url": "http://www.csnc.ch/advisory/sap01.html" + }, + { + "name": "2850", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2850" + }, + { + "name": "20070627 SAP Web Dynpro Java (BC-WD-JAV) Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472341/100/0/threaded" + }, + { + "name": "25866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25866" + }, + { + "name": "ADV-2007-2381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2381" + }, + { + "name": "37748", + "refsource": "OSVDB", + "url": "http://osvdb.org/37748" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3518.json b/2007/3xxx/CVE-2007-3518.json index 1a43f2026e3..b77124f71d5 100644 --- a/2007/3xxx/CVE-2007-3518.json +++ b/2007/3xxx/CVE-2007-3518.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4136", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4136" - }, - { - "name" : "24720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24720" - }, - { - "name" : "ADV-2007-2400", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2400" - }, - { - "name" : "36328", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36328" - }, - { - "name" : "25922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25922" - }, - { - "name" : "youtube-msg-sql-injection(35192)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25922" + }, + { + "name": "24720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24720" + }, + { + "name": "youtube-msg-sql-injection(35192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35192" + }, + { + "name": "ADV-2007-2400", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2400" + }, + { + "name": "36328", + "refsource": "OSVDB", + "url": "http://osvdb.org/36328" + }, + { + "name": "4136", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4136" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3544.json b/2007/3xxx/CVE-2007-3544.json index 616702d88e0..0024f095a86 100644 --- a/2007/3xxx/CVE-2007-3544.json +++ b/2007/3xxx/CVE-2007-3544.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html", - "refsource" : "MISC", - "url" : "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html" - }, - { - "name" : "37294", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and 
WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html", + "refsource": "MISC", + "url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html" + }, + { + "name": "37294", + "refsource": "OSVDB", + "url": "http://osvdb.org/37294" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3560.json b/2007/3xxx/CVE-2007-3560.json index 3c083de42da..dcc6c75457a 100644 --- a/2007/3xxx/CVE-2007-3560.json +++ b/2007/3xxx/CVE-2007-3560.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=118575&release_id=519061", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=118575&release_id=519061" - }, - { - "name" : "24732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24732" - }, - { - "name" : "37793", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37793" - }, - { - "name" : "25791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25791" - }, - { - "name" : "esqlanelapse-multiple-unspecified(35227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37793", + "refsource": "OSVDB", + "url": "http://osvdb.org/37793" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=118575&release_id=519061", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=118575&release_id=519061" + }, + { + "name": "25791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25791" + }, + { + "name": "esqlanelapse-multiple-unspecified(35227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35227" + }, + { + "name": "24732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24732" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4348.json b/2007/4xxx/CVE-2007-4348.json index 0b966ac2f48..ffc221234f6 100644 --- a/2007/4xxx/CVE-2007-4348.json +++ b/2007/4xxx/CVE-2007-4348.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-4348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2007-75/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-75/advisory" - }, - { - "name" : "26221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26221" - }, - { - "name" : "ADV-2007-3635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3635" - }, - { - "name" : "1018868", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018868" - }, - { - "name" : "27013", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/27013" - }, - { - "name" : "ibm-tsm-cad-xss(38125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3635" + }, + { + "name": "ibm-tsm-cad-xss(38125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38125" + }, + { + "name": "26221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26221" + }, + { + "name": "27013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27013" + }, + { + "name": "http://secunia.com/secunia_research/2007-75/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-75/advisory" + }, + { + "name": "1018868", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018868" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4461.json b/2007/4xxx/CVE-2007-4461.json index 0f9bef61fd5..59d81270906 100644 --- a/2007/4xxx/CVE-2007-4461.json +++ b/2007/4xxx/CVE-2007-4461.json 
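Review bot: `ASSIGNER` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk, the only value change among lines that otherwise differ in spacing and in the order of the `reference_data` entries. Anyone who attributes or filters records by assigning CNA will see this record move, so the change deserves its own mention in the commit description or a commit separate from the reformat. `vendor_name` and `product_name` remain `n/a` although the description names IBM Tivoli Storage Manager Client, so affected-product matching still has to rely on the description text.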
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain \"out of period\" choices of packet transmission time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nufw.org/+NuFW-2-2-4,201+.html", - "refsource" : "CONFIRM", - "url" : "http://www.nufw.org/+NuFW-2-2-4,201+.html" - }, - { - "name" : "25379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25379" - }, - { - "name" : "39725", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39725" - }, - { - "name" : "26546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26546" - }, - { - "name" : "nufw-arrivaltime-security-bypass(36134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain \"out of period\" choices of packet transmission time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26546" + }, + { + "name": "39725", + "refsource": "OSVDB", + "url": "http://osvdb.org/39725" + }, + { + "name": "25379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25379" + }, + { + "name": "http://www.nufw.org/+NuFW-2-2-4,201+.html", + "refsource": "CONFIRM", + "url": "http://www.nufw.org/+NuFW-2-2-4,201+.html" + }, + { + "name": "nufw-arrivaltime-security-bypass(36134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36134" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6082.json b/2007/6xxx/CVE-2007-6082.json index 56f881ae4f1..c8274ff487b 100644 --- a/2007/6xxx/CVE-2007-6082.json +++ b/2007/6xxx/CVE-2007-6082.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071117 Sciurus Hosting Panel Code İnjection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483867/100/0/threaded" - }, - { - "name" : "4635", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4635" - }, - { - "name" : "http://www.r57.li/exploit.txt", - "refsource" : "MISC", - "url" : "http://www.r57.li/exploit.txt" - }, - { - "name" : "26481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26481" - }, - { - "name" : "3388", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3388" - }, - { - "name" : "sciurus-savenews-code-execution(38543)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3388", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3388" + }, + { + "name": "4635", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4635" + }, + { + "name": "20071117 Sciurus Hosting Panel Code İnjection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483867/100/0/threaded" + }, + { + "name": "sciurus-savenews-code-execution(38543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38543" + }, + { + "name": "26481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26481" + }, + { + "name": "http://www.r57.li/exploit.txt", + "refsource": "MISC", + "url": "http://www.r57.li/exploit.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6182.json b/2007/6xxx/CVE-2007-6182.json index f77a6bcf830..020f4fda109 100644 --- a/2007/6xxx/CVE-2007-6182.json +++ b/2007/6xxx/CVE-2007-6182.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ispsystem.com/en/support/changelog/ispmgr.html?all=yes", - "refsource" : "MISC", - "url" : "http://ispsystem.com/en/support/changelog/ispmgr.html?all=yes" - }, - { - "name" : "http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf", - "refsource" : "MISC", - "url" : "http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf" - }, - { - "name" : "26503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26503" - }, - { - "name" : "42337", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42337" - }, - { - "name" : "27585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27585" - }, - { - "name" : "ispmgr-responder-privilege-escalation(38564)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/38564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26503" + }, + { + "name": "42337", + "refsource": "OSVDB", + "url": "http://osvdb.org/42337" + }, + { + "name": "http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf", + "refsource": "MISC", + "url": "http://www.fortconsult.net/images/pdf/advisories/ispmgr_nov2007.pdf" + }, + { + "name": "http://ispsystem.com/en/support/changelog/ispmgr.html?all=yes", + "refsource": "MISC", + "url": "http://ispsystem.com/en/support/changelog/ispmgr.html?all=yes" + }, + { + "name": "27585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27585" + }, + { + "name": "ispmgr-responder-privilege-escalation(38564)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38564" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6267.json b/2007/6xxx/CVE-2007-6267.json index 6c948964588..6e61c3f770a 100644 --- a/2007/6xxx/CVE-2007-6267.json +++ b/2007/6xxx/CVE-2007-6267.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX115281", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX115281" - }, - { - "name" : "26705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26705" - }, - { - "name" : "ADV-2007-4091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4091" - }, - { - "name" : "1019050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019050" - }, - { - "name" : "27935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27935" - }, - { - "name" : "edgesight-configuration-file-info-disclosure(38861)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/CTX115281", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX115281" + }, + { + "name": "edgesight-configuration-file-info-disclosure(38861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38861" + }, + { + "name": "ADV-2007-4091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4091" + }, + { + "name": "1019050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019050" + }, + { + "name": "26705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26705" + }, + { + "name": "27935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27935" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6741.json b/2007/6xxx/CVE-2007-6741.json index 9e1339f8b5c..989371288f7 100644 --- a/2007/6xxx/CVE-2007-6741.json +++ b/2007/6xxx/CVE-2007-6741.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/pyftpdlib/issues/detail?id=11", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/issues/detail?id=11" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/detail?r=32", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/detail?r=32" - }, - { - 
"name" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" + }, + { + "name": "http://code.google.com/p/pyftpdlib/issues/detail?id=11", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/issues/detail?id=11" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/detail?r=32", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/detail?r=32" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn32&r=32&format=side&path=/trunk/pyftpdlib/FTPServer.py" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0681.json b/2010/0xxx/CVE-2010-0681.json index dce11b3c720..9a9ecae8a8f 100644 
--- a/2010/0xxx/CVE-2010-0681.json +++ b/2010/0xxx/CVE-2010-0681.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11437", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11437", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11437" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1742.json b/2010/1xxx/CVE-2010-1742.json index b8b10e3b3bd..9d9e6e46a8e 100644 --- a/2010/1xxx/CVE-2010-1742.json +++ b/2010/1xxx/CVE-2010-1742.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12458", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12458" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/scratcher-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/scratcher-sqlxss.txt" - }, - { - "name" : "39827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39827" - }, - { - "name" : "64219", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64219" - }, - { - "name" : "39631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39631" - }, - { - "name" : "scratcher-projects-xss(58235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58235" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12458", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12458" + }, + { + "name": "scratcher-projects-xss(58235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58235" + }, + { + "name": "64219", + "refsource": "OSVDB", + "url": "http://osvdb.org/64219" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/scratcher-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/scratcher-sqlxss.txt" + }, + { + "name": "39631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39631" + }, + { + "name": "39827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39827" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1792.json b/2010/1xxx/CVE-2010-1792.json index 269e163e412..d0980f56d4e 100644 --- a/2010/1xxx/CVE-2010-1792.json +++ b/2010/1xxx/CVE-2010-1792.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4276", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4276" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "APPLE-SA-2010-07-28-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "MDVSA-2011:039", - "refsource" : 
"MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" - }, - { - "name" : "RHSA-2011:0177", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1006-1" - }, - { - "name" : "42020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42020" - }, - { - "name" : "oval:org.mitre.oval:def:11898", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11898" - }, - { - "name" : "41856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41856" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43086" - }, - { - "name" : "ADV-2010-2722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2722" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0216" - }, - { - "name" : "ADV-2011-0552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on 
Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" + }, + { + "name": "ADV-2010-2722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2722" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4276", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4276" + }, + { + "name": "USN-1006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1006-1" + }, + { + "name": "41856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41856" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2010-07-28-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html" + }, + { + "name": "ADV-2011-0216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0216" + }, + { + "name": "43086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43086" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, 
+ { + "name": "RHSA-2011:0177", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html" + }, + { + "name": "oval:org.mitre.oval:def:11898", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11898" + }, + { + "name": "ADV-2011-0552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0552" + }, + { + "name": "42020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42020" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0041.json b/2014/0xxx/CVE-2014-0041.json index f5fd2aeb383..cbd154b1c69 100644 --- a/2014/0xxx/CVE-2014-0041.json +++ b/2014/0xxx/CVE-2014-0041.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/heat-templates/+bug/1267635", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/heat-templates/+bug/1267635" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059515", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059515" - }, - { - "name" : "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3CONFIRM:", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3CONFIRM:" - }, - { - "name" : "RHSA-2014:0579", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-0579.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3CONFIRM:", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3CONFIRM:" + }, + { + "name": "https://bugs.launchpad.net/heat-templates/+bug/1267635", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/heat-templates/+bug/1267635" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059515", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059515" + }, + { + "name": "RHSA-2014:0579", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0579.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0042.json b/2014/0xxx/CVE-2014-0042.json index 7c69c335392..87bd3c05413 100644 --- a/2014/0xxx/CVE-2014-0042.json +++ b/2014/0xxx/CVE-2014-0042.json 
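Review bot: The first entry of `reference_data` on the new side of CVE-2014-0041.json still has a stray `CONFIRM:` fused onto the end of the commit hash, in both `name` and `url` (`.../heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3CONFIRM:`). The sibling record CVE-2014-0042.json in this same commit cites the same commit without that suffix, so this looks like an import artifact that the reformat carried over unchanged. Anyone following the reference to confirm the sslverify fix will probably not reach the commit, so both fields should end at the hash: `"url": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3"`. The new side also drops the trailing newline (`\ No newline at end of file`), as do the other records touched here.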
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/heat-templates/+bug/1267635", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/heat-templates/+bug/1267635" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059520", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059520" - }, - { - "name" : "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3" - }, - { - "name" : "RHSA-2014:0579", - "refsource" : 
"REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0579.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/heat-templates/+bug/1267635", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/heat-templates/+bug/1267635" + }, + { + "name": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059520", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059520" + }, + { + "name": "RHSA-2014:0579", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0579.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0099.json b/2014/0xxx/CVE-2014-0099.json index 385ca39f230..38ed59a3ac2 100644 --- a/2014/0xxx/CVE-2014-0099.json +++ b/2014/0xxx/CVE-2014-0099.json 
@@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532221/100/0/threaded" - }, - { - "name" : "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532218/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 
- VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/140" - }, - { - "name" : "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/138" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1578812", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1578812" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1578814", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1578814" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1580473", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1580473" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "http://tomcat.apache.org/security-8.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-8.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0865.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0865.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680603", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680603" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681528", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681528" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0268.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0268.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" - }, - { - "name" : "DSA-3530", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3530" - }, - { - "name" : "DSA-3447", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3447" - }, - { - "name" : "FEDORA-2015-2109", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" - }, - { - "name" : "HPSBUX03150", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141390017113542&w=2" - }, - { - "name" : "HPSBOV03503", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144498216801440&w=2" - }, - { - "name" : "HPSBUX03102", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - 
"name" : "SSRT101681", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" - }, - { - "name" : "MDVSA-2015:052", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" - }, - { - "name" : "MDVSA-2015:053", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" - }, - { - "name" : "MDVSA-2015:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - }, - { - "name" : "RHSA-2015:0765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html" - }, - { - "name" : "67668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67668" - }, - { - "name" : "1030302", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030302" - }, - { - "name" : "59678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59678" - }, - { - "name" : "59835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59835" - }, - { - "name" : "59873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59873" - }, - { - "name" : "59732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59732" - }, - { - "name" : "59849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59849" - }, - { - "name" : "60729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60729" - }, - { - "name" : "60793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60793" - }, - { - "name" : "59121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59121" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://advisories.mageia.org/MGASA-2014-0268.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0268.html" + }, + { + "name": "59121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59121" + }, + { + "name": "RHSA-2015:0765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + }, + { + "name": "59732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59732" + }, + { + "name": "59835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59835" + }, + { + "name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528" + }, + { + "name": "MDVSA-2015:052", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" + }, + { + 
"name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/140" + }, + { + "name": "59849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59849" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0865.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html" + }, + { + "name": "67668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67668" + }, + { + "name": "MDVSA-2015:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" + }, + { + "name": "DSA-3530", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3530" + }, + { + "name": "59678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59678" + }, + { + "name": "HPSBUX03102", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "MDVSA-2015:053", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "HPSBUX03150", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141390017113542&w=2" + }, + { + "name": "FEDORA-2015-2109", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" + }, + { + "name": "http://tomcat.apache.org/security-8.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-8.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "59873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59873" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1578814", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1578814" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "1030302", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030302" + }, + { + "name": "HPSBOV03503", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2" + }, + { + "name": "SSRT101681", + 
"refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1578812", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1578812" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1580473", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1580473" + }, + { + "name": "DSA-3447", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3447" + }, + { + "name": "60729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60729" + }, + { + "name": "60793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60793" + }, + { + "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/138" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0171.json b/2014/0xxx/CVE-2014-0171.json index a3582aaeccb..a75cc3ec42e 100644 --- a/2014/0xxx/CVE-2014-0171.json +++ b/2014/0xxx/CVE-2014-0171.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.jboss.org/browse/TEIID-2911", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/TEIID-2911" - }, - { - "name" : "RHSA-2015:0034", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0034.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0034", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html" + }, + { + "name": "https://issues.jboss.org/browse/TEIID-2911", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/TEIID-2911" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1221.json b/2014/1xxx/CVE-2014-1221.json index fe25215531b..04a13f4a3f7 100644 --- a/2014/1xxx/CVE-2014-1221.json +++ b/2014/1xxx/CVE-2014-1221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1426.json b/2014/1xxx/CVE-2014-1426.json index e58a93d7707..82ee1d3156b 100644 --- a/2014/1xxx/CVE-2014-1426.json +++ b/2014/1xxx/CVE-2014-1426.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1426", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1426", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1967.json b/2014/1xxx/CVE-2014-1967.json index 4af592d6e7f..ab8fcb97f6d 100644 --- a/2014/1xxx/CVE-2014-1967.json +++ b/2014/1xxx/CVE-2014-1967.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://play.google.com/store/apps/details?id=jp.denimoba", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=jp.denimoba" - }, - { - "name" : "JVN#48810179", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48810179/index.html" - }, - { - "name" : "JVNDB-2014-000022", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle 
attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://play.google.com/store/apps/details?id=jp.denimoba", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=jp.denimoba" + }, + { + "name": "JVNDB-2014-000022", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000022" + }, + { + "name": "JVN#48810179", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48810179/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4673.json b/2014/4xxx/CVE-2014-4673.json index 95dbeb390ff..9349afd3aaa 100644 --- a/2014/4xxx/CVE-2014-4673.json +++ b/2014/4xxx/CVE-2014-4673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/5xxx/CVE-2014-5334.json b/2014/5xxx/CVE-2014-5334.json index 42b2a04c9ba..2b33163090a 100644 --- a/2014/5xxx/CVE-2014-5334.json +++ b/2014/5xxx/CVE-2014-5334.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-5334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140819 Re: FreeNAS default blank password", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/08/19/2" - }, - { - "name" : "https://bugs.freenas.org/issues/5844", - "refsource" : "CONFIRM", - "url" : "https://bugs.freenas.org/issues/5844" - }, - { - "name" : "69249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freenas.org/issues/5844", + "refsource": "CONFIRM", + "url": "https://bugs.freenas.org/issues/5844" + }, + { + "name": "69249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69249" + }, + { + "name": "[oss-security] 20140819 Re: FreeNAS default blank password", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/19/2" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5556.json b/2014/5xxx/CVE-2014-5556.json index aa62504dcae..d18b33aab5e 100644 --- a/2014/5xxx/CVE-2014-5556.json +++ b/2014/5xxx/CVE-2014-5556.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application 3.21.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#478657", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/478657" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fly Fishing & Fly Tying 
(aka air.com.yudu.ReaderAIR3209899) application 3.21.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#478657", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/478657" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5826.json b/2014/5xxx/CVE-2014-5826.json index 2f8643e7079..b86a2d97c24 100644 --- a/2014/5xxx/CVE-2014-5826.json +++ b/2014/5xxx/CVE-2014-5826.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rix GO Locker Theme (aka com.jiubang.goscreenlock.theme.rix.getjar) application 1.20.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#423041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/423041" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rix GO Locker 
Theme (aka com.jiubang.goscreenlock.theme.rix.getjar) application 1.20.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#423041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/423041" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5873.json b/2014/5xxx/CVE-2014-5873.json index 33197424b0c..13ba1d8bd6d 100644 --- a/2014/5xxx/CVE-2014-5873.json +++ b/2014/5xxx/CVE-2014-5873.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sears (aka com.sears.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#803553", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/803553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sears (aka com.sears.android) application 6.2.8 for 
Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#803553", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/803553" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2069.json b/2015/2xxx/CVE-2015-2069.json index 41e37d28594..a398628df38 100644 --- a/2015/2xxx/CVE-2015-2069.json +++ b/2015/2xxx/CVE-2015-2069.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150221 WooCommerce WordPress plugin 2.2.10 Reflected XSS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/75" - }, - { - "name" : "http://packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html" - }, - { - "name" : "https://wordpress.org/plugins/woocommerce/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/woocommerce/changelog/" - }, - { - "name" : "74885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74885" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74885" + }, + { + "name": "http://packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html" + }, + { + "name": "https://wordpress.org/plugins/woocommerce/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/woocommerce/changelog/" + }, + { + "name": "20150221 WooCommerce WordPress plugin 2.2.10 Reflected XSS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/75" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2917.json b/2015/2xxx/CVE-2015-2917.json index abdd1617564..df7e40d699d 100644 --- a/2015/2xxx/CVE-2015-2917.json +++ b/2015/2xxx/CVE-2015-2917.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#906576", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/906576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT 
element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#906576", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/906576" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10129.json b/2016/10xxx/CVE-2016-10129.json index 437e1813ec2..e4bce720243 100644 --- a/2016/10xxx/CVE-2016-10129.json +++ b/2016/10xxx/CVE-2016-10129.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-10129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/10/5" - }, - { - "name" : "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/11/6" - }, - { - "name" : "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a" - }, - { - "name" : "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037", - "refsource" : 
"CONFIRM", - "url" : "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037" - }, - { - "name" : "https://libgit2.github.com/security/", - "refsource" : "CONFIRM", - "url" : "https://libgit2.github.com/security/" - }, - { - "name" : "openSUSE-SU-2017:0397", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" - }, - { - "name" : "openSUSE-SU-2017:0405", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" - }, - { - "name" : "openSUSE-SU-2017:0484", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" - }, - { - "name" : "95339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://libgit2.github.com/security/", + "refsource": "CONFIRM", + "url": "https://libgit2.github.com/security/" + }, + { + "name": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a", + "refsource": "CONFIRM", + "url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a" + }, + { + "name": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037", + "refsource": "CONFIRM", + "url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037" + }, + { + "name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/10/5" + }, + { + "name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/11/6" + }, + { + "name": "openSUSE-SU-2017:0397", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html" + }, + { + "name": "openSUSE-SU-2017:0405", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html" + }, + { + "name": "95339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95339" + }, + { + "name": "openSUSE-SU-2017:0484", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10700.json b/2016/10xxx/CVE-2016-10700.json index c1004a077c3..90572fde2f2 100644 --- a/2016/10xxx/CVE-2016-10700.json +++ b/2016/10xxx/CVE-2016-10700.json 
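Review bot: The rewritten `affects` block still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description names libgit2 and the fixed versions 0.24.6 and 0.25.1. Tooling that matches on the structured fields rather than on the free text will not associate this record with libgit2. The commit already rewrites the record (new `ASSIGNER`, reordered references), so it could also populate these fields, or the project documentation should state that consumers must fall back to the description. The other PUBLIC records in this diff have the same gap.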
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.cacti.net/view.php?id=2697", - "refsource" : "CONFIRM", - "url" : "http://bugs.cacti.net/view.php?id=2697" - }, - { - "name" : "http://www.cacti.net/release_notes_1_0_0.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_1_0_0.php" - }, - { - "name" : "https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846", - "refsource" : "CONFIRM", - "url" : "https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846" - }, - { - "name" : "https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697", - "refsource" : 
"CONFIRM", - "url" : "https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846", + "refsource": "CONFIRM", + "url": "https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846" + }, + { + "name": "http://www.cacti.net/release_notes_1_0_0.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_1_0_0.php" + }, + { + "name": "http://bugs.cacti.net/view.php?id=2697", + "refsource": "CONFIRM", + "url": "http://bugs.cacti.net/view.php?id=2697" + }, + { + "name": "https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697", + "refsource": "CONFIRM", + "url": "https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3268.json b/2016/3xxx/CVE-2016-3268.json index f3b14438f2a..e2dc9da221b 100644 --- a/2016/3xxx/CVE-2016-3268.json +++ b/2016/3xxx/CVE-2016-3268.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3268", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3268", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4439.json b/2016/4xxx/CVE-2016-4439.json index 2490015e108..47104e16238 100644 --- a/2016/4xxx/CVE-2016-4439.json +++ b/2016/4xxx/CVE-2016-4439.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/19/3" - }, - { - "name" : "[qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1337502", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1337502" - }, - { - "name" : "GLSA-201609-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201609-01" - }, - { - "name" : "USN-3047-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-1" - }, - { - "name" : "USN-3047-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3047-2" - }, - { - "name" : "90760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3047-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-1" + }, + { + "name": "90760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90760" + }, + { + "name": "GLSA-201609-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201609-01" + }, + { + "name": "USN-3047-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3047-2" + }, + { + "name": "[qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html" + }, + { + "name": "[oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/19/3" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1337502", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337502" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4486.json b/2016/4xxx/CVE-2016-4486.json index de69238f876..f1617085f16 100644 --- a/2016/4xxx/CVE-2016-4486.json +++ b/2016/4xxx/CVE-2016-4486.json 
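Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other line differs only in colon spacing or in the order of `reference_data`. The one change that affects CNA attribution is therefore easy to miss in review. Any consumer that filters or trusts records by assigner will see this record move, so the reassignment should be stated in the commit description, for example `CVE-2016-4439: ASSIGNER cve@mitre.org -> secalert@redhat.com`, and ideally committed separately from the reformatting. The `reference_data` entries are also reshuffled with no visible ordering rule; keeping the previous order, or sorting on a stable key such as `refsource` then `name`, would let later diffs show only real additions and removals. The same points apply to the hunks for CVE-2016-8625 (`psampaio@redhat.com` to `secalert@redhat.com`) and CVE-2016-9842 (`cve@mitre.org` to `security@suse.com`).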
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46006", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46006/" - }, - { - "name" : "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/04/27" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", - 
"refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1333316" - }, - { - "name" : "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "SUSE-SU-2016:1690", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:1696", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" - }, - { - "name" : "SUSE-SU-2016:1937", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" - }, - { - "name" : "openSUSE-SU-2016:1641", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:1985", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:2105", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:2184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" - }, - { - "name" : 
"USN-2996-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2996-1" - }, - { - "name" : "USN-2997-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2997-1" - }, - { - "name" : "USN-2989-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2989-1" - }, - { - "name" : "USN-2998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2998-1" - }, - { - "name" : "USN-3000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3000-1" - }, - { - "name" : "USN-3001-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3001-1" - }, - { - "name" : "USN-3002-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3002-1" - }, - { - "name" : "USN-3003-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3003-1" - }, - { - "name" : "USN-3004-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3004-1" - }, - { - "name" : "USN-3005-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3005-1" - }, - { - "name" : "USN-3006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3006-1" - }, - { - "name" : "USN-3007-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3007-1" - }, - { - "name" : "90051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1690", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html" + }, + { + "name": "USN-3006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3006-1" + }, + { + "name": "USN-3004-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3004-1" + }, + { + "name": "USN-3001-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3001-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333316" + }, + { + "name": "SUSE-SU-2016:1696", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/5f8e44741f9f216e33736ea4ec65ca9ac03036e6" + }, + { + "name": "90051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90051" + }, + { + "name": "USN-3005-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3005-1" + }, + { + "name": "SUSE-SU-2016:1985", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" + }, + { + "name": "openSUSE-SU-2016:2184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" + }, + { + "name": "46006", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46006/" + }, + { + "name": "openSUSE-SU-2016:1641", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" + }, + { + "name": "USN-2997-1", + "refsource": 
"UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2997-1" + }, + { + "name": "USN-3000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3000-1" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "USN-3002-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3002-1" + }, + { + "name": "USN-2996-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2996-1" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "USN-2989-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2989-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6" + }, + { + "name": "USN-3007-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3007-1" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5" + }, + { + "name": "USN-3003-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3003-1" + }, + { + "name": "SUSE-SU-2016:2105", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" + }, + { + "name": "USN-2998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2998-1" + }, + { + "name": "[oss-security] 20160504 CVE Request: kernel information leak vulnerability in rtnetlink", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2016/05/04/27" + }, + { + "name": "SUSE-SU-2016:1937", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8119.json b/2016/8xxx/CVE-2016-8119.json index deb7a2447c4..d19a33d1067 100644 --- a/2016/8xxx/CVE-2016-8119.json +++ b/2016/8xxx/CVE-2016-8119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8157.json b/2016/8xxx/CVE-2016-8157.json index 512e91438cf..6a4b87ea70c 100644 --- a/2016/8xxx/CVE-2016-8157.json +++ b/2016/8xxx/CVE-2016-8157.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8157", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8157", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8625.json b/2016/8xxx/CVE-2016-8625.json index 80f6de8b25e..f2d6210d993 100644 --- a/2016/8xxx/CVE-2016-8625.json +++ b/2016/8xxx/CVE-2016-8625.json 
@@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "7.51.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Curl Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "7.51.0" + } + ] + } + } + ] + }, + "vendor_name": "The Curl Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/adv_20161102K.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20161102K.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625" - }, - { - "name" : "https://curl.haxx.se/CVE-2016-8625.patch", - "refsource" : "CONFIRM", - "url" : 
"https://curl.haxx.se/CVE-2016-8625.patch" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "GLSA-201701-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-47" - }, - { - "name" : "RHSA-2018:2486", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2486" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "94107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94107" - }, - { - "name" : "1037192", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94107" + }, + { + "name": "https://curl.haxx.se/CVE-2016-8625.patch", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/CVE-2016-8625.patch" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "https://curl.haxx.se/docs/adv_20161102K.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20161102K.html" + }, + { + "name": "1037192", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037192" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625" + }, + { + "name": "RHSA-2018:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2486" + }, + { + "name": "GLSA-201701-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-47" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8686.json b/2016/8xxx/CVE-2016-8686.json index 8f3a1a9af4c..5bca2cf9ed0 100644 --- a/2016/8xxx/CVE-2016-8686.json +++ b/2016/8xxx/CVE-2016-8686.json 
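Review bot: The two `impact.cvss` entries are carried over with the base score prefixed to the vector (`"5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"` and `"4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N"`), which is not a well-formed CVSS vector string. A consumer that passes `vectorString` straight to a CVSS parser will presumably reject it or fall back to no score, and the record then drops out of severity-based triage. If the schema in use permits it, the score belongs in its own numeric field, leaving the vector clean: `"baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"`, and likewise `"baseScore": 4.3` for the 2.0 entry. Each entry is also wrapped in its own single-element array inside `cvss`; a flat array of objects would be simpler to consume, though that may be fixed by the upstream format.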
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161015 Re: potrace: memory allocation failure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/10" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/" - }, - { - "name" : "93777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, 
which triggers a memory allocation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93777" + }, + { + "name": "[oss-security] 20161015 Re: potrace: memory allocation failure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/10" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9648.json b/2016/9xxx/CVE-2016-9648.json index 041f7c7b610..f5b3bce985f 100644 --- a/2016/9xxx/CVE-2016-9648.json +++ b/2016/9xxx/CVE-2016-9648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9648", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9648", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/9xxx/CVE-2016-9842.json b/2016/9xxx/CVE-2016-9842.json index a9bfa97769c..966fb242dc9 100644 --- a/2016/9xxx/CVE-2016-9842.json +++ b/2016/9xxx/CVE-2016-9842.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-9842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/21" - }, - { - "name" : "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib", - "refsource" : "MISC", - "url" : "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib" - }, - { - "name" : "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf", - "refsource" : "MISC", - "url" : "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1402348", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1402348" - }, - { - "name" : 
"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958", - "refsource" : "CONFIRM", - "url" : "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208115", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208115" - }, - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "GLSA-201701-56", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-56" - }, - { - "name" : "RHSA-2017:3046", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3046" - }, - { - "name" : "RHSA-2017:3047", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3047" - }, - { - "name" : "RHSA-2017:2999", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2999" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "RHSA-2017:1220", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1220" - }, - { - "name" : "RHSA-2017:1221", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:1221" - }, - { - "name" : "RHSA-2017:1222", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1222" - }, - { - "name" : "openSUSE-SU-2016:3202", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html" - }, - { - "name" : "openSUSE-SU-2017:0077", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html" - }, - { - "name" : "openSUSE-SU-2017:0080", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html" - }, - { - "name" : "95131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95131" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2017:1221",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1221"
+ },
+ {
+ "name": "RHSA-2017:1220",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1220"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
+ },
+ {
+ "name": "https://support.apple.com/HT208144",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208144"
+ },
+ {
+ "name": "RHSA-2017:3047",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3047"
+ },
+ {
+ "name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
+ },
+ {
+ "name": "95131",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95131"
+ },
+ {
+ "name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
+ "refsource": "MISC",
+ "url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
+ },
+ {
+ "name": "RHSA-2017:3046",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3046"
+ },
+ {
+ "name": "openSUSE-SU-2017:0077",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
+ },
+ {
+ "name": "GLSA-201701-56",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201701-56"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
+ },
+ {
+ "name": "1039427",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039427"
+ },
+ {
+ "name": "RHSA-2017:1222",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1222"
+ },
+ {
+ "name": "openSUSE-SU-2017:0080",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
+ },
+ {
+ "name": "RHSA-2017:3453",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3453"
+ },
+ {
+ "name": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
+ },
+ {
+ "name": "https://support.apple.com/HT208113",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208113"
+ },
+ {
+ "name": "https://support.apple.com/HT208112",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208112"
+ },
+ {
+ "name": "https://support.apple.com/HT208115",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208115"
+ },
+ {
+ "name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
+ "refsource": "MISC",
+ "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
+ },
+ {
+ "name": "openSUSE-SU-2016:3202",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
+ },
+ {
+ "name": "RHSA-2017:2999",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2999"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2222.json b/2019/2xxx/CVE-2019-2222.json
index b34cf71924f..41131ccfa81 100644
--- a/2019/2xxx/CVE-2019-2222.json
+++ b/2019/2xxx/CVE-2019-2222.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2222",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2222",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2252.json b/2019/2xxx/CVE-2019-2252.json
index 617f97ccb5e..51bd3b71736 100644
--- a/2019/2xxx/CVE-2019-2252.json
+++ b/2019/2xxx/CVE-2019-2252.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2252",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2252",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2693.json b/2019/2xxx/CVE-2019-2693.json
index ce8f5579560..e300c0af6ae 100644
--- a/2019/2xxx/CVE-2019-2693.json
+++ b/2019/2xxx/CVE-2019-2693.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2693",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2693",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/2xxx/CVE-2019-2836.json b/2019/2xxx/CVE-2019-2836.json
index 4d1df8f060c..d9a23022508 100644
--- a/2019/2xxx/CVE-2019-2836.json
+++ b/2019/2xxx/CVE-2019-2836.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-2836",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-2836",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6013.json b/2019/6xxx/CVE-2019-6013.json
index e212683b125..80ea2389790 100644
--- a/2019/6xxx/CVE-2019-6013.json
+++ b/2019/6xxx/CVE-2019-6013.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6013",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6013",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6313.json b/2019/6xxx/CVE-2019-6313.json
index 354fccda0d2..bca08339354 100644
--- a/2019/6xxx/CVE-2019-6313.json
+++ b/2019/6xxx/CVE-2019-6313.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6313",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6313",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6537.json b/2019/6xxx/CVE-2019-6537.json
index 1aec810961e..93639613812 100644
--- a/2019/6xxx/CVE-2019-6537.json
+++ b/2019/6xxx/CVE-2019-6537.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2019-02-05T00:00:00",
- "ID" : "CVE-2019-6537",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "WECON LeviStudioU",
- "version" : {
- "version_data" : [
- {
- "version_value" : "LeviStudioU Versions 1.8.56 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "ICS-CERT"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow CWE-121"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2019-02-05T00:00:00",
+ "ID": "CVE-2019-6537",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WECON LeviStudioU",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "LeviStudioU Versions 1.8.56 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "ICS-CERT"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
- },
- {
- "name" : "106861",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106861"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106861",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106861"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6548.json b/2019/6xxx/CVE-2019-6548.json
index 9dd4d9445d4..3ad8d015b53 100644
--- a/2019/6xxx/CVE-2019-6548.json
+++ b/2019/6xxx/CVE-2019-6548.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6548",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6548",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6638.json b/2019/6xxx/CVE-2019-6638.json
index 6a62e5f8f6b..611e3c3d66f 100644
--- a/2019/6xxx/CVE-2019-6638.json
+++ b/2019/6xxx/CVE-2019-6638.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6638",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6638",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7121.json b/2019/7xxx/CVE-2019-7121.json
index 5fbd866860d..6cc62c53f85 100644
--- a/2019/7xxx/CVE-2019-7121.json
+++ b/2019/7xxx/CVE-2019-7121.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7121",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7121",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7180.json b/2019/7xxx/CVE-2019-7180.json
index 80cc0129493..1daf32d9ed4 100644
--- a/2019/7xxx/CVE-2019-7180.json
+++ b/2019/7xxx/CVE-2019-7180.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7180",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7180",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7780.json b/2019/7xxx/CVE-2019-7780.json
index a3fe43e7176..c44bda96f26 100644
--- a/2019/7xxx/CVE-2019-7780.json
+++ b/2019/7xxx/CVE-2019-7780.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7780",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7780",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7900.json b/2019/7xxx/CVE-2019-7900.json
index c9676623eea..ebcebe72dc9 100644
--- a/2019/7xxx/CVE-2019-7900.json
+++ b/2019/7xxx/CVE-2019-7900.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7900",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7900",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file