From fd81d1ecde89b26e2af4f403fdeb1d53b15a7eb8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:35:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2420.json | 160 +++++++++--------- 2007/3xxx/CVE-2007-3284.json | 140 ++++++++-------- 2007/3xxx/CVE-2007-3445.json | 140 ++++++++-------- 2007/4xxx/CVE-2007-4004.json | 200 +++++++++++----------- 2007/4xxx/CVE-2007-4010.json | 140 ++++++++-------- 2007/4xxx/CVE-2007-4078.json | 160 +++++++++--------- 2007/4xxx/CVE-2007-4223.json | 170 +++++++++---------- 2007/6xxx/CVE-2007-6430.json | 260 ++++++++++++++--------------- 2007/6xxx/CVE-2007-6547.json | 170 +++++++++---------- 2010/1xxx/CVE-2010-1249.json | 170 +++++++++---------- 2010/1xxx/CVE-2010-1431.json | 260 ++++++++++++++--------------- 2010/1xxx/CVE-2010-1720.json | 170 +++++++++---------- 2010/1xxx/CVE-2010-1890.json | 130 +++++++-------- 2010/5xxx/CVE-2010-5076.json | 200 +++++++++++----------- 2010/5xxx/CVE-2010-5272.json | 130 +++++++-------- 2014/0xxx/CVE-2014-0374.json | 170 +++++++++---------- 2014/1xxx/CVE-2014-1451.json | 34 ++-- 2014/1xxx/CVE-2014-1609.json | 180 ++++++++++---------- 2014/1xxx/CVE-2014-1632.json | 150 ++++++++--------- 2014/1xxx/CVE-2014-1732.json | 190 ++++++++++----------- 2014/5xxx/CVE-2014-5125.json | 34 ++-- 2014/5xxx/CVE-2014-5268.json | 130 +++++++-------- 2014/5xxx/CVE-2014-5770.json | 140 ++++++++-------- 2014/5xxx/CVE-2014-5796.json | 140 ++++++++-------- 2015/2xxx/CVE-2015-2288.json | 34 ++-- 2015/2xxx/CVE-2015-2623.json | 130 +++++++-------- 2015/2xxx/CVE-2015-2812.json | 150 ++++++++--------- 2015/6xxx/CVE-2015-6094.json | 160 +++++++++--------- 2015/6xxx/CVE-2015-6172.json | 130 +++++++-------- 2016/1000xxx/CVE-2016-1000027.json | 34 ++-- 2016/10xxx/CVE-2016-10101.json | 130 +++++++-------- 2016/10xxx/CVE-2016-10351.json | 130 +++++++-------- 2016/10xxx/CVE-2016-10417.json | 132 +++++++-------- 2016/10xxx/CVE-2016-10508.json | 120 ++++++------- 2016/4xxx/CVE-2016-4362.json | 120 ++++++------- 2016/4xxx/CVE-2016-4818.json | 160 +++++++++--------- 2016/4xxx/CVE-2016-4847.json | 150 ++++++++--------- 2016/8xxx/CVE-2016-8239.json | 34 ++-- 2016/8xxx/CVE-2016-8273.json | 120 ++++++------- 2016/8xxx/CVE-2016-8364.json | 130 +++++++-------- 2016/9xxx/CVE-2016-9083.json | 190 ++++++++++----------- 2016/9xxx/CVE-2016-9303.json | 130 +++++++-------- 2016/9xxx/CVE-2016-9511.json | 34 ++-- 2016/9xxx/CVE-2016-9891.json | 170 +++++++++---------- 2016/9xxx/CVE-2016-9997.json | 140 ++++++++-------- 2019/2xxx/CVE-2019-2496.json | 180 ++++++++++---------- 2019/2xxx/CVE-2019-2602.json | 34 ++-- 2019/2xxx/CVE-2019-2737.json | 34 ++-- 2019/2xxx/CVE-2019-2739.json | 34 ++-- 2019/3xxx/CVE-2019-3075.json | 34 ++-- 2019/3xxx/CVE-2019-3291.json | 34 ++-- 2019/3xxx/CVE-2019-3763.json | 34 ++-- 2019/6xxx/CVE-2019-6606.json | 34 ++-- 2019/6xxx/CVE-2019-6792.json | 34 ++-- 2019/6xxx/CVE-2019-6910.json | 34 ++-- 2019/7xxx/CVE-2019-7434.json | 34 ++-- 2019/7xxx/CVE-2019-7453.json | 34 ++-- 2019/7xxx/CVE-2019-7597.json | 34 ++-- 2019/7xxx/CVE-2019-7929.json | 34 ++-- 59 files changed, 3459 insertions(+), 3459 deletions(-) diff --git a/2007/2xxx/CVE-2007-2420.json b/2007/2xxx/CVE-2007-2420.json index 07b2cfb2485..d4e4b61677d 100644 --- a/2007/2xxx/CVE-2007-2420.json +++ b/2007/2xxx/CVE-2007-2420.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070426 Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466967/100/0/threaded" - }, - { - "name" : "23678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23678" - }, - { - "name" : "35666", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35666" - }, - { - "name" : "25158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25158" - }, - { - "name" : "burakyilmazblog-bry-sql-injection(33945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "burakyilmazblog-bry-sql-injection(33945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33945" + }, + { + "name": "23678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23678" + }, + { + "name": "25158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25158" + }, + { + "name": "20070426 Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466967/100/0/threaded" + }, + { + "name": "35666", + "refsource": "OSVDB", + "url": "http://osvdb.org/35666" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3284.json b/2007/3xxx/CVE-2007-3284.json index 9bc96693548..11ff985b37f 100644 --- a/2007/3xxx/CVE-2007-3284.json +++ b/2007/3xxx/CVE-2007-3284.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html" - }, - { - "name" : "24497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24497" - }, - { - "name" : "38869", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html" + }, + { + "name": "38869", + "refsource": "OSVDB", + "url": "http://osvdb.org/38869" + }, + { + "name": "24497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24497" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3445.json b/2007/3xxx/CVE-2007-3445.json index 9693db204a5..41036a9be67 100644 --- a/2007/3xxx/CVE-2007-3445.json +++ b/2007/3xxx/CVE-2007-3445.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=216&", - "refsource" : "MISC", - "url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=216&" - }, - { - "name" : "45404", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45404" - }, - { - "name" : "sjphone-sip-invite-dos(35076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45404", + "refsource": "OSVDB", + "url": "http://osvdb.org/45404" + }, + { + "name": "sjphone-sip-invite-dos(35076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35076" + }, + { + "name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=216&", + "refsource": "MISC", + "url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=216&" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4004.json b/2007/4xxx/CVE-2007-4004.json index 3f880bf523c..15e8e95c2f6 100644 --- a/2007/4xxx/CVE-2007-4004.json +++ b/2007/4xxx/CVE-2007-4004.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070726 IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=571" - }, - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" - }, - { - "name" : "IZ01812", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01812" - }, - { - "name" : "IZ01813", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01813" - }, - { - "name" : "25077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25077" - }, - { - "name" : "ADV-2007-2675", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2675" - }, - { - "name" : "1018465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018465" - }, - { - "name" : "26219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26219" - }, - { - "name" : "aix-ftp-bo(35627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26219" + }, + { + "name": "1018465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018465" + }, + { + "name": "20070726 IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=571" + }, + { + "name": "IZ01812", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01812" + }, + { + "name": "aix-ftp-bo(35627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35627" + }, + { + "name": "25077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25077" + }, + { + "name": "IZ01813", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01813" + }, + { + "name": "ADV-2007-2675", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2675" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/README" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4010.json b/2007/4xxx/CVE-2007-4010.json index 50700935fbd..8afe7cac3a1 100644 --- a/2007/4xxx/CVE-2007-4010.json +++ b/2007/4xxx/CVE-2007-4010.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4218", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4218" - }, - { - "name" : "25041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25041" - }, - { - "name" : "win32std-winshellexecute-security-bypass(35604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win32std-winshellexecute-security-bypass(35604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35604" + }, + { + "name": "25041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25041" + }, + { + "name": "4218", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4218" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4078.json b/2007/4xxx/CVE-2007-4078.json index 29e1fb8efda..cd87692c46a 100644 --- a/2007/4xxx/CVE-2007-4078.json +++ b/2007/4xxx/CVE-2007-4078.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" - }, - { - "name" : "25023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25023" - }, - { - "name" : "37447", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37447" - }, - { - "name" : "37448", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37448" - }, - { - "name" : "37449", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37449", + "refsource": "OSVDB", + "url": "http://osvdb.org/37449" + }, + { + "name": "37448", + "refsource": "OSVDB", + "url": "http://osvdb.org/37448" + }, + { + "name": "25023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25023" + }, + { + "name": "37447", + "refsource": "OSVDB", + "url": "http://osvdb.org/37447" + }, + { + "name": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4223.json b/2007/4xxx/CVE-2007-4223.json index d472db4d51b..a4e8d98fc36 100644 --- a/2007/4xxx/CVE-2007-4223.json +++ b/2007/4xxx/CVE-2007-4223.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071106 Microsoft DebugView Privilege Escalation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=621" - }, - { - "name" : "26359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26359" - }, - { - "name" : "ADV-2007-3756", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3756" - }, - { - "name" : "1018903", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018903" - }, - { - "name" : "27552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27552" - }, - { - "name" : "microsoft-debugview-privilege-escalation(38292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071106 Microsoft DebugView Privilege Escalation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=621" + }, + { + "name": "27552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27552" + }, + { + "name": "microsoft-debugview-privilege-escalation(38292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38292" + }, + { + "name": "26359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26359" + }, + { + "name": "1018903", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018903" + }, + { + "name": "ADV-2007-3756", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3756" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6430.json b/2007/6xxx/CVE-2007-6430.json index 3bce524c245..f44fc60093c 100644 --- a/2007/6xxx/CVE-2007-6430.json +++ b/2007/6xxx/CVE-2007-6430.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485287/100/0/threaded" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2007-027.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2007-027.html" - }, - { - "name" : "DSA-1525", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1525" - }, - { - "name" : "GLSA-200804-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-13.xml" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "26928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26928" - }, - { - "name" : "ADV-2007-4260", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4260" - }, - { - "name" : "39519", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/39519" - }, - { - "name" : "1019110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019110" - }, - { - "name" : "28149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28149" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29456" - }, - { - "name" : "29782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29782" - }, - { - "name" : "3467", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3467" - }, - { - "name" : "asterisk-registration-security-bypass(39124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28149" + }, + { + "name": "29782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29782" + }, + { + "name": "GLSA-200804-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-13.xml" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "ADV-2007-4260", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4260" + }, + { + "name": "DSA-1525", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1525" + }, + { + "name": "3467", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3467" + }, + { + "name": "39519", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/39519" + }, + { + "name": "1019110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019110" + }, + { + "name": "asterisk-registration-security-bypass(39124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124" + }, + { + "name": "29456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29456" + }, + { + "name": "26928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26928" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2007-027.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2007-027.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6547.json b/2007/6xxx/CVE-2007-6547.json index bc8d77f9638..ce4f13c69ed 100644 --- a/2007/6xxx/CVE-2007-6547.json +++ b/2007/6xxx/CVE-2007-6547.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485512/100/0/threaded" - }, - { - "name" : "4790", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4790" - }, - { - "name" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", - "refsource" : "MISC", - "url" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" - }, - { - "name" : "27019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27019" - }, - { - "name" : "41246", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41246" - }, - { - "name" : "3493", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4790", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4790" + }, + { + "name": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", + "refsource": "MISC", + "url": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" + }, + { + "name": "27019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27019" + }, + { + "name": "41246", + "refsource": "OSVDB", + "url": "http://osvdb.org/41246" + }, + { + "name": "3493", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3493" + }, + { + "name": "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485512/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1249.json b/2010/1xxx/CVE-2010-1249.json index 15ba72f1839..dd194514d37 100644 --- a/2010/1xxx/CVE-2010-1249.json +++ b/2010/1xxx/CVE-2010-1249.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0823 and CVE-2010-1247." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511767/100/0/threaded" - }, - { - "name" : "MS10-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" - }, - { - "name" : "TA10-159B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" - }, - { - "name" : "40527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40527" - }, - { - "name" : "65232", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65232" - }, - { - "name" : "oval:org.mitre.oval:def:6634", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka \"Excel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0823 and CVE-2010-1247." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40527" + }, + { + "name": "20100608 VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511767/100/0/threaded" + }, + { + "name": "65232", + "refsource": "OSVDB", + "url": "http://osvdb.org/65232" + }, + { + "name": "MS10-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" + }, + { + "name": "oval:org.mitre.oval:def:6634", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6634" + }, + { + "name": "TA10-159B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1431.json b/2010/1xxx/CVE-2010-1431.json index c0e73ef17f1..eba7cb42de7 100644 --- a/2010/1xxx/CVE-2010-1431.json +++ b/2010/1xxx/CVE-2010-1431.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Apr/272" - }, - { - "name" : "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909" - }, - { - "name" : "http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch" - }, - { - "name" : "DSA-2039", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2039" - }, - { - "name" : "MDVSA-2010:092", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:092" - }, - { - "name" : "RHSA-2010:0635", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "39653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39653" - }, - { - "name" : "39568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39568" - }, - { - "name" : "39572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39572" - }, - { - "name" : "41041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41041" - }, - { - "name" : "ADV-2010-0986", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0986" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - }, - { - "name" : "ADV-2010-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Apr/272" + }, + { + "name": "ADV-2010-0986", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0986" + }, + { + "name": "DSA-2039", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2039" + }, + { + "name": "http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "41041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41041" + }, + { + "name": "39568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39568" + }, + { + "name": "RHSA-2010:0635", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html" + }, + { + "name": "MDVSA-2010:092", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:092" + }, + { + "name": "ADV-2010-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2132" + }, + { + "name": "39653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39653" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909" + }, + { + "name": "39572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39572" + }, + { + "name": "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf", + "refsource": "MISC", + "url": "http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1720.json b/2010/1xxx/CVE-2010-1720.json index 83bfca3f426..b0fb92e6ebe 100644 --- a/2010/1xxx/CVE-2010-1720.json +++ b/2010/1xxx/CVE-2010-1720.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12200", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12200" - }, - { - "name" : "http://www.xenuser.org/documents/security/qpersonel_sql.txt", - "refsource" : "MISC", - "url" : "http://www.xenuser.org/documents/security/qpersonel_sql.txt" - }, - { - "name" : "39466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39466" - }, - { - "name" : "63894", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63894" - }, - { - "name" : "39445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39445" - }, - { - "name" : "qpersonel-index-sql-injection(57775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39466" + }, + { + "name": "12200", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12200" + }, + { + "name": "qpersonel-index-sql-injection(57775)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57775" + }, + { + "name": "63894", + "refsource": "OSVDB", + "url": "http://osvdb.org/63894" + }, + { + "name": "http://www.xenuser.org/documents/security/qpersonel_sql.txt", + "refsource": "MISC", + "url": "http://www.xenuser.org/documents/security/qpersonel_sql.txt" + }, + { + "name": "39445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39445" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1890.json b/2010/1xxx/CVE-2010-1890.json index 181d4833e7c..80fd4e1e1f3 100644 --- a/2010/1xxx/CVE-2010-1890.json +++ b/2010/1xxx/CVE-2010-1890.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka \"Windows Kernel Improper Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-1890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047" - }, - { - "name" : "oval:org.mitre.oval:def:11789", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka \"Windows Kernel Improper Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-047" + }, + { + "name": "oval:org.mitre.oval:def:11789", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11789" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5076.json b/2010/5xxx/CVE-2010-5076.json index d81154b67e9..02832080cdd 100644 --- a/2010/5xxx/CVE-2010-5076.json +++ b/2010/5xxx/CVE-2010-5076.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-5076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt", - "refsource" : "MISC", - "url" : "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" - }, - { - "name" : "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0", - "refsource" : "CONFIRM", - "url" : "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" - }, - { - "name" : "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e", - "refsource" : "CONFIRM", - "url" : "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" - }, - { - "name" : "https://bugreports.qt-project.org/browse/QTBUG-4455", - "refsource" : "CONFIRM", - "url" : "https://bugreports.qt-project.org/browse/QTBUG-4455" - }, - { - "name" : "RHSA-2012:0880", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0880.html" - }, - { - "name" : "USN-1504-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1504-1" - }, - { - "name" : "41236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41236" - }, - { - "name" : "49604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49604" - }, - { - "name" : "49895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1504-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1504-1" + }, + { + "name": "49895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49895" + }, + { + "name": "RHSA-2012:0880", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0880.html" + }, + { + "name": "41236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41236" + }, + { + "name": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e", + "refsource": "CONFIRM", + "url": "http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e" + }, + { + "name": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0", + "refsource": "CONFIRM", + "url": "http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0" + }, + { + "name": "49604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49604" + }, + { + "name": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt", + "refsource": "MISC", + "url": "http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt" + }, + { + "name": "https://bugreports.qt-project.org/browse/QTBUG-4455", + "refsource": "CONFIRM", + "url": "https://bugreports.qt-project.org/browse/QTBUG-4455" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5272.json b/2010/5xxx/CVE-2010-5272.json index a968d609546..9546bd5588e 100644 --- a/2010/5xxx/CVE-2010-5272.json +++ b/2010/5xxx/CVE-2010-5272.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .qprj file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/content/altova-databasespy-2011-dwmapi-dll-hijacking-exploit-10-5", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/altova-databasespy-2011-dwmapi-dll-hijacking-exploit-10-5" - }, - { - "name" : "42548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Altova DatabaseSpy 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .qprj file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.coresecurity.com/content/altova-databasespy-2011-dwmapi-dll-hijacking-exploit-10-5", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/altova-databasespy-2011-dwmapi-dll-hijacking-exploit-10-5" + }, + { + "name": "42548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42548" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0374.json b/2014/0xxx/CVE-2014-0374.json index 7d554c3cef6..63a250a850a 100644 --- a/2014/0xxx/CVE-2014-0374.json +++ b/2014/0xxx/CVE-2014-0374.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64830" - }, - { - "name" : "102093", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102093" - }, - { - "name" : "1029613", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029613" - }, - { - "name" : "56464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56464" + }, + { + "name": "1029613", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029613" + }, + { + "name": "64830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64830" + }, + { + "name": "102093", + "refsource": "OSVDB", + "url": "http://osvdb.org/102093" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1451.json b/2014/1xxx/CVE-2014-1451.json index 4b352bf620a..aaa3c106fea 100644 --- a/2014/1xxx/CVE-2014-1451.json +++ b/2014/1xxx/CVE-2014-1451.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1451", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1451", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1609.json b/2014/1xxx/CVE-2014-1609.json index ead2cc66681..b444fd804f1 100644 --- a/2014/1xxx/CVE-2014-1609.json +++ b/2014/1xxx/CVE-2014-1609.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ocert.org/advisories/ocert-2014-001.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2014-001.html" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=16880", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=16880" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1063111", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1063111" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f" - }, - { - "name" : "DSA-3030", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3030" - }, - { - "name" : "65461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65461" - }, - { - "name" : "61432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65461" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1063111", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063111" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2014-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2014-001.html" + }, + { + "name": "DSA-3030", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3030" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f" + }, + { + "name": "61432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61432" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=16880", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=16880" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1632.json b/2014/1xxx/CVE-2014-1632.json index 634d8610343..6a4f3be9e69 100644 --- a/2014/1xxx/CVE-2014-1632.json +++ b/2014/1xxx/CVE-2014-1632.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140127 Multiple Vulnerabilities in Eventum", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/530891/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23198", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23198" - }, - { - "name" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665", - "refsource" : "CONFIRM", - "url" : "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665" - }, - { - "name" : "https://bugs.launchpad.net/eventum/+bug/1271499", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/eventum/+bug/1271499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140127 Multiple Vulnerabilities in Eventum", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/530891/100/0/threaded" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23198", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23198" + }, + { + "name": "https://bugs.launchpad.net/eventum/+bug/1271499", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/eventum/+bug/1271499" + }, + { + "name": "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665", + "refsource": "CONFIRM", + "url": "http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1732.json b/2014/1xxx/CVE-2014-1732.json index f3f3887ca44..a419e6d1955 100644 --- a/2014/1xxx/CVE-2014-1732.json +++ b/2014/1xxx/CVE-2014-1732.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=352851", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=352851" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=261737&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?revision=261737&view=revision" - }, - { - "name" : "DSA-2920", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2920" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "openSUSE-SU-2014:0668", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html" - }, - { - "name" : "openSUSE-SU-2014:0669", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html" - }, - { - "name" : "58301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58301" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=352851", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=352851" + }, + { + "name": "openSUSE-SU-2014:0669", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "openSUSE-SU-2014:0668", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html" + }, + { + "name": "DSA-2920", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2920" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?revision=261737&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=261737&view=revision" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5125.json b/2014/5xxx/CVE-2014-5125.json index 70bfac821a1..8605ae6ceb0 100644 --- a/2014/5xxx/CVE-2014-5125.json +++ b/2014/5xxx/CVE-2014-5125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5268.json b/2014/5xxx/CVE-2014-5268.json index d0be919a2d4..2b4aed1905c 100644 --- a/2014/5xxx/CVE-2014-5268.json +++ b/2014/5xxx/CVE-2014-5268.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2316747", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2316747" - }, - { - "name" : "https://www.drupal.org/node/2316065", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2316065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2316747", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2316747" + }, + { + "name": "https://www.drupal.org/node/2316065", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2316065" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5770.json b/2014/5xxx/CVE-2014-5770.json index 1e6798c05d2..b244a295bd4 100644 --- a/2014/5xxx/CVE-2014-5770.json +++ b/2014/5xxx/CVE-2014-5770.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#718105", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/718105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#718105", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/718105" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5796.json b/2014/5xxx/CVE-2014-5796.json index 53e46b6a3e7..1dc47082da3 100644 --- a/2014/5xxx/CVE-2014-5796.json +++ b/2014/5xxx/CVE-2014-5796.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#304505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/304505" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#304505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/304505" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2288.json b/2015/2xxx/CVE-2015-2288.json index a181c164299..a445e8e3356 100644 --- a/2015/2xxx/CVE-2015-2288.json +++ b/2015/2xxx/CVE-2015-2288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2623.json b/2015/2xxx/CVE-2015-2623.json index e527916d710..d8d69906aa9 100644 --- a/2015/2xxx/CVE-2015-2623.json +++ b/2015/2xxx/CVE-2015-2623.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to Java Server Faces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to Java Server Faces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032953" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2812.json b/2015/2xxx/CVE-2015-2812.json index 5c90e761ec2..3524a735ad3 100644 --- a/2015/2xxx/CVE-2015-2812.json +++ b/2015/2xxx/CVE-2015-2812.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535826/100/800/threaded" - }, - { - "name" : "20150623 ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/62" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/" - }, - { - "name" : "http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150625 [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535826/100/800/threaded" + }, + { + "name": "20150623 ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/62" + }, + { + "name": "https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/" + }, + { + "name": "http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6094.json b/2015/6xxx/CVE-2015-6094.json index ecacb99fd83..770c401fdf0 100644 --- a/2015/6xxx/CVE-2015-6094.json +++ b/2015/6xxx/CVE-2015-6094.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-546", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-546" - }, - { - "name" : "MS15-116", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116" - }, - { - "name" : "77490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77490" - }, - { - "name" : "1034118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034118" - }, - { - "name" : "1034122", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034122", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034122" + }, + { + "name": "MS15-116", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-546", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-546" + }, + { + "name": "1034118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034118" + }, + { + "name": "77490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77490" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6172.json b/2015/6xxx/CVE-2015-6172.json index a69bae85bd1..786062e6836 100644 --- a/2015/6xxx/CVE-2015-6172.json +++ b/2015/6xxx/CVE-2015-6172.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka \"Microsoft Office RCE Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-131", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131" - }, - { - "name" : "1034325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka \"Microsoft Office RCE Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-131", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131" + }, + { + "name": "1034325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034325" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000027.json b/2016/1000xxx/CVE-2016-1000027.json index 6c61cf187fa..2b3621cc17a 100644 --- a/2016/1000xxx/CVE-2016-1000027.json +++ b/2016/1000xxx/CVE-2016-1000027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000027", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000027", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10101.json b/2016/10xxx/CVE-2016-10101.json index fd96b7e1a1b..7b356bda642 100644 --- a/2016/10xxx/CVE-2016-10101.json +++ b/2016/10xxx/CVE-2016-10101.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rastamouse.me/guff/2016/automize/", - "refsource" : "MISC", - "url" : "https://rastamouse.me/guff/2016/automize/" - }, - { - "name" : "96840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rastamouse.me/guff/2016/automize/", + "refsource": "MISC", + "url": "https://rastamouse.me/guff/2016/automize/" + }, + { + "name": "96840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96840" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10351.json b/2016/10xxx/CVE-2016-10351.json index ffff6512cb9..36d8cdd5310 100644 --- a/2016/10xxx/CVE-2016-10351.json +++ b/2016/10xxx/CVE-2016-10351.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/telegramdesktop/tdesktop/issues/2666", - "refsource" : "MISC", - "url" : "https://github.com/telegramdesktop/tdesktop/issues/2666" - }, - { - "name" : "https://github.com/telegramdesktop/tdesktop/pull/3842/commits/388703b9ca1912a5438e37f9dd54c35805f2c594", - "refsource" : "CONFIRM", - "url" : "https://github.com/telegramdesktop/tdesktop/pull/3842/commits/388703b9ca1912a5438e37f9dd54c35805f2c594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/telegramdesktop/tdesktop/issues/2666", + "refsource": "MISC", + "url": "https://github.com/telegramdesktop/tdesktop/issues/2666" + }, + { + "name": "https://github.com/telegramdesktop/tdesktop/pull/3842/commits/388703b9ca1912a5438e37f9dd54c35805f2c594", + "refsource": "CONFIRM", + "url": "https://github.com/telegramdesktop/tdesktop/pull/3842/commits/388703b9ca1912a5438e37f9dd54c35805f2c594" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10417.json b/2016/10xxx/CVE-2016-10417.json index cd0729deb31..88c087460c2 100644 --- a/2016/10xxx/CVE-2016-10417.json +++ b/2016/10xxx/CVE-2016-10417.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10508.json b/2016/10xxx/CVE-2016-10508.json index cfdf89c7366..e72436a90e8 100644 --- a/2016/10xxx/CVE-2016-10508.json +++ b/2016/10xxx/CVE-2016-10508.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JamesHeinrich/phpThumb/commit/162ae709162be3e6c4d942313a278ca5cbdb8e92", - "refsource" : "CONFIRM", - "url" : "https://github.com/JamesHeinrich/phpThumb/commit/162ae709162be3e6c4d942313a278ca5cbdb8e92" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JamesHeinrich/phpThumb/commit/162ae709162be3e6c4d942313a278ca5cbdb8e92", + "refsource": "CONFIRM", + "url": "https://github.com/JamesHeinrich/phpThumb/commit/162ae709162be3e6c4d942313a278ca5cbdb8e92" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4362.json b/2016/4xxx/CVE-2016-4362.json index f4ececb01ec..36b46aa2c9b 100644 --- a/2016/4xxx/CVE-2016-4362.json +++ b/2016/4xxx/CVE-2016-4362.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150800" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4818.json b/2016/4xxx/CVE-2016-4818.json index 35d704df5e6..b5c10614e4b 100644 --- a/2016/4xxx/CVE-2016-4818.json +++ b/2016/4xxx/CVE-2016-4818.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fx.dmm.com/information/press/2016/2016053001/", - "refsource" : "CONFIRM", - "url" : "http://fx.dmm.com/information/press/2016/2016053001/" - }, - { - "name" : "http://www.gaitamejapan.com/support/news/2016/2016053001/", - "refsource" : "CONFIRM", - "url" : "http://www.gaitamejapan.com/support/news/2016/2016053001/" - }, - { - "name" : "https://jvn.jp/en/jp/JVN40898764/995849/index.html", - "refsource" : "CONFIRM", - "url" : "https://jvn.jp/en/jp/JVN40898764/995849/index.html" - }, - { - "name" : "JVN#40898764", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN40898764/index.html" - }, - { - "name" : "JVNDB-2016-000092", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gaitamejapan.com/support/news/2016/2016053001/", + "refsource": "CONFIRM", + "url": "http://www.gaitamejapan.com/support/news/2016/2016053001/" + }, + { + "name": "JVNDB-2016-000092", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html" + }, + { + "name": "JVN#40898764", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN40898764/index.html" + }, + { + "name": "http://fx.dmm.com/information/press/2016/2016053001/", + "refsource": "CONFIRM", + "url": "http://fx.dmm.com/information/press/2016/2016053001/" + }, + { + "name": "https://jvn.jp/en/jp/JVN40898764/995849/index.html", + "refsource": "CONFIRM", + "url": "https://jvn.jp/en/jp/JVN40898764/995849/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4847.json b/2016/4xxx/CVE-2016-4847.json index 5e2a55b1ad5..312e3bc8bbd 100644 --- a/2016/4xxx/CVE-2016-4847.json +++ b/2016/4xxx/CVE-2016-4847.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ossec/ossec-wui/commit/b4dcbba7a8eb09ba9d38fc69807a8861255736d0", - "refsource" : "CONFIRM", - "url" : "https://github.com/ossec/ossec-wui/commit/b4dcbba7a8eb09ba9d38fc69807a8861255736d0" - }, - { - "name" : "JVN#58455472", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN58455472/index.html" - }, - { - "name" : "JVNDB-2016-000141", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000141.html" - }, - { - "name" : "92536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ossec/ossec-wui/commit/b4dcbba7a8eb09ba9d38fc69807a8861255736d0", + "refsource": "CONFIRM", + "url": "https://github.com/ossec/ossec-wui/commit/b4dcbba7a8eb09ba9d38fc69807a8861255736d0" + }, + { + "name": "92536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92536" + }, + { + "name": "JVNDB-2016-000141", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000141.html" + }, + { + "name": "JVN#58455472", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN58455472/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8239.json b/2016/8xxx/CVE-2016-8239.json index dacb1b32916..0441dfff864 100644 --- a/2016/8xxx/CVE-2016-8239.json +++ b/2016/8xxx/CVE-2016-8239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8239", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8239", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8273.json b/2016/8xxx/CVE-2016-8273.json index 1c0f82f633d..c3179b81ac1 100644 --- a/2016/8xxx/CVE-2016-8273.json +++ b/2016/8xxx/CVE-2016-8273.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2016-8273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HiSuite 4.0.5.300_OVE", - "version" : { - "version_data" : [ - { - "version_value" : "HiSuite 4.0.5.300_OVE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "a man-in-the-middle (MITM)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2016-8273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HiSuite 4.0.5.300_OVE", + "version": { + "version_data": [ + { + "version_value": "HiSuite 4.0.5.300_OVE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "a man-in-the-middle (MITM)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8364.json b/2016/8xxx/CVE-2016-8364.json index 5bdce8cc32d..5c99624a814 100644 --- a/2016/8xxx/CVE-2016-8364.json +++ b/2016/8xxx/CVE-2016-8364.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-8364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IBHsoftec S7-SoftPLC CPX43 prior to 4.12b", - "version" : { - "version_data" : [ - { - "version_value" : "IBHsoftec S7-SoftPLC CPX43 prior to 4.12b" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-8364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IBHsoftec S7-SoftPLC CPX43 prior to 4.12b", + "version": { + "version_data": [ + { + "version_value": "IBHsoftec S7-SoftPLC CPX43 prior to 4.12b" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02" - }, - { - "name" : "94054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94054" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9083.json b/2016/9xxx/CVE-2016-9083.json index 3ad32d0eb39..9a3d4d092e8 100644 --- a/2016/9xxx/CVE-2016-9083.json +++ b/2016/9xxx/CVE-2016-9083.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a \"state machine confusion bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161027 kernel: low-severity vfio driver integer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/26/11" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1389258", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1389258" - }, - { - "name" : "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a" - }, - { - "name" : "https://patchwork.kernel.org/patch/9373631/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.kernel.org/patch/9373631/" - }, - { - "name" : "RHSA-2017:0386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0386.html" - }, - { - "name" : "RHSA-2017:0387", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0387.html" - }, - { - "name" : "93929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a \"state machine confusion bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161027 kernel: low-severity vfio driver integer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/26/11" + }, + { + "name": "https://patchwork.kernel.org/patch/9373631/", + "refsource": "CONFIRM", + "url": "https://patchwork.kernel.org/patch/9373631/" + }, + { + "name": "RHSA-2017:0387", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1389258", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389258" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a" + }, + { + "name": "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a" + }, + { + "name": "RHSA-2017:0386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html" + }, + { + "name": "93929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93929" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9303.json b/2016/9xxx/CVE-2016-9303.json index e7518937f50..edfcbd1adcc 100644 --- a/2016/9xxx/CVE-2016-9303.json +++ b/2016/9xxx/CVE-2016-9303.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", - "refsource" : "CONFIRM", - "url" : "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" - }, - { - "name" : "95805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", + "refsource": "CONFIRM", + "url": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01" + }, + { + "name": "95805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95805" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9511.json b/2016/9xxx/CVE-2016-9511.json index 99fe81e54bd..20600771d35 100644 --- a/2016/9xxx/CVE-2016-9511.json +++ b/2016/9xxx/CVE-2016-9511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9511", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9511", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9891.json b/2016/9xxx/CVE-2016-9891.json index 49adea6f36d..0c82e2941df 100644 --- a/2016/9xxx/CVE-2016-9891.json +++ b/2016/9xxx/CVE-2016-9891.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://smarterbitbybit.com/cve-2016-9891-dotclear-xss-vulnerability-in-version-2-10-4/", - "refsource" : "MISC", - "url" : "https://smarterbitbybit.com/cve-2016-9891-dotclear-xss-vulnerability-in-version-2-10-4/" - }, - { - "name" : "https://dev.dotclear.org/2.0/changeset/5536ac77e915", - "refsource" : "CONFIRM", - "url" : "https://dev.dotclear.org/2.0/changeset/5536ac77e915" - }, - { - "name" : "https://dev.dotclear.org/2.0/ticket/2224", - "refsource" : "CONFIRM", - "url" : "https://dev.dotclear.org/2.0/ticket/2224" - }, - { - "name" : "https://dotclear.org/blog/post/2016/12/28/Dotclear-2.11", - "refsource" : "CONFIRM", - "url" : "https://dotclear.org/blog/post/2016/12/28/Dotclear-2.11" - }, - { - "name" : "https://hg.dotclear.org/dotclear/rev/712559193a6e", - "refsource" : "CONFIRM", - "url" : "https://hg.dotclear.org/dotclear/rev/712559193a6e" - }, - { - "name" : "95156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dev.dotclear.org/2.0/ticket/2224", + "refsource": "CONFIRM", + "url": "https://dev.dotclear.org/2.0/ticket/2224" + }, + { + "name": "95156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95156" + }, + { + "name": "https://hg.dotclear.org/dotclear/rev/712559193a6e", + "refsource": "CONFIRM", + "url": "https://hg.dotclear.org/dotclear/rev/712559193a6e" + }, + { + "name": "https://dev.dotclear.org/2.0/changeset/5536ac77e915", + "refsource": "CONFIRM", + "url": "https://dev.dotclear.org/2.0/changeset/5536ac77e915" + }, + { + "name": "https://dotclear.org/blog/post/2016/12/28/Dotclear-2.11", + "refsource": "CONFIRM", + "url": "https://dotclear.org/blog/post/2016/12/28/Dotclear-2.11" + }, + { + "name": "https://smarterbitbybit.com/cve-2016-9891-dotclear-xss-vulnerability-in-version-2-10-4/", + "refsource": "MISC", + "url": "https://smarterbitbybit.com/cve-2016-9891-dotclear-xss-vulnerability-in-version-2-10-4/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9997.json b/2016/9xxx/CVE-2016-9997.json index 24bf04d764e..fdf9894da83 100644 --- a/2016/9xxx/CVE-2016-9997.json +++ b/2016/9xxx/CVE-2016-9997.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.spip.net/projects/spip/repository/revisions/23288", - "refsource" : "CONFIRM", - "url" : "https://core.spip.net/projects/spip/repository/revisions/23288" - }, - { - "name" : "95008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95008" - }, - { - "name" : "1037486", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95008" + }, + { + "name": "https://core.spip.net/projects/spip/repository/revisions/23288", + "refsource": "CONFIRM", + "url": "https://core.spip.net/projects/spip/repository/revisions/23288" + }, + { + "name": "1037486", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037486" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2496.json b/2019/2xxx/CVE-2019-2496.json index dd5ff537137..e12c46be3de 100644 --- a/2019/2xxx/CVE-2019-2496.json +++ b/2019/2xxx/CVE-2019-2496.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CRM Technical Foundation", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - }, - { - "version_affected" : "=", - "version_value" : "12.2.8" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + }, + { + "version_affected": "=", + "version_value": "12.2.8" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106620" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2602.json b/2019/2xxx/CVE-2019-2602.json index 800c71ec206..e7e42b61292 100644 --- a/2019/2xxx/CVE-2019-2602.json +++ b/2019/2xxx/CVE-2019-2602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2602", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2602", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2737.json b/2019/2xxx/CVE-2019-2737.json index 669c6e36e1d..0bd11f9ac65 100644 --- a/2019/2xxx/CVE-2019-2737.json +++ b/2019/2xxx/CVE-2019-2737.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2737", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2737", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2739.json b/2019/2xxx/CVE-2019-2739.json index 7a06d3b31d8..891db10278c 100644 --- a/2019/2xxx/CVE-2019-2739.json +++ b/2019/2xxx/CVE-2019-2739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3075.json b/2019/3xxx/CVE-2019-3075.json index 3bb4371b939..4537a4d5111 100644 --- a/2019/3xxx/CVE-2019-3075.json +++ b/2019/3xxx/CVE-2019-3075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3291.json b/2019/3xxx/CVE-2019-3291.json index 34eb35aff2c..f4afcf2dcf6 100644 --- a/2019/3xxx/CVE-2019-3291.json +++ b/2019/3xxx/CVE-2019-3291.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3763.json b/2019/3xxx/CVE-2019-3763.json index 1a4800f08b9..f7ebeb00dd5 100644 --- a/2019/3xxx/CVE-2019-3763.json +++ b/2019/3xxx/CVE-2019-3763.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3763", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3763", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6606.json b/2019/6xxx/CVE-2019-6606.json index ec4a0c754fb..1fe43cbedbc 100644 --- a/2019/6xxx/CVE-2019-6606.json +++ b/2019/6xxx/CVE-2019-6606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6792.json b/2019/6xxx/CVE-2019-6792.json index d7d240c287e..9913c9de594 100644 --- a/2019/6xxx/CVE-2019-6792.json +++ b/2019/6xxx/CVE-2019-6792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6792", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6792", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6910.json b/2019/6xxx/CVE-2019-6910.json index 4c61c9a9548..0e7d6ac2b6b 100644 --- a/2019/6xxx/CVE-2019-6910.json +++ b/2019/6xxx/CVE-2019-6910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7434.json b/2019/7xxx/CVE-2019-7434.json index 083041b0fde..88120ae31ea 100644 --- a/2019/7xxx/CVE-2019-7434.json +++ b/2019/7xxx/CVE-2019-7434.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7434", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7434", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7453.json b/2019/7xxx/CVE-2019-7453.json index 5e2de4ce862..d3701ccd762 100644 --- a/2019/7xxx/CVE-2019-7453.json +++ b/2019/7xxx/CVE-2019-7453.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7453", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7453", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7597.json b/2019/7xxx/CVE-2019-7597.json index da4e63a364e..245ed5d07d3 100644 --- a/2019/7xxx/CVE-2019-7597.json +++ b/2019/7xxx/CVE-2019-7597.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7597", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7597", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7929.json b/2019/7xxx/CVE-2019-7929.json index 77c18c4b1e1..c463599d11a 100644 --- a/2019/7xxx/CVE-2019-7929.json +++ b/2019/7xxx/CVE-2019-7929.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file