From ffe709393dc50910fadfe1ac0c0bc6c96be8eb4d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:00:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/5xxx/CVE-2006-5814.json | 140 +++++++------- 2007/2xxx/CVE-2007-2095.json | 130 ++++++------- 2007/2xxx/CVE-2007-2244.json | 290 ++++++++++++++-------------- 2007/3xxx/CVE-2007-3459.json | 170 ++++++++--------- 2007/3xxx/CVE-2007-3492.json | 160 ++++++++-------- 2007/3xxx/CVE-2007-3608.json | 180 ++++++++--------- 2007/3xxx/CVE-2007-3755.json | 190 +++++++++--------- 2007/3xxx/CVE-2007-3840.json | 140 +++++++------- 2007/3xxx/CVE-2007-3897.json | 230 +++++++++++----------- 2007/6xxx/CVE-2007-6090.json | 130 ++++++------- 2007/6xxx/CVE-2007-6486.json | 150 +++++++-------- 2007/6xxx/CVE-2007-6581.json | 200 +++++++++---------- 2007/6xxx/CVE-2007-6725.json | 340 ++++++++++++++++----------------- 2010/0xxx/CVE-2010-0286.json | 160 ++++++++-------- 2010/0xxx/CVE-2010-0428.json | 140 +++++++------- 2010/0xxx/CVE-2010-0955.json | 180 ++++++++--------- 2010/1xxx/CVE-2010-1018.json | 130 ++++++------- 2010/1xxx/CVE-2010-1141.json | 210 ++++++++++---------- 2010/1xxx/CVE-2010-1466.json | 150 +++++++-------- 2014/0xxx/CVE-2014-0016.json | 160 ++++++++-------- 2014/0xxx/CVE-2014-0629.json | 120 ++++++------ 2014/1xxx/CVE-2014-1630.json | 34 ++-- 2014/1xxx/CVE-2014-1636.json | 260 ++++++++++++------------- 2014/1xxx/CVE-2014-1736.json | 170 ++++++++--------- 2014/1xxx/CVE-2014-1789.json | 140 +++++++------- 2014/4xxx/CVE-2014-4624.json | 220 ++++++++++----------- 2014/4xxx/CVE-2014-4750.json | 140 +++++++------- 2014/5xxx/CVE-2014-5133.json | 34 ++-- 2014/5xxx/CVE-2014-5258.json | 160 ++++++++-------- 2014/5xxx/CVE-2014-5362.json | 150 +++++++-------- 2014/5xxx/CVE-2014-5391.json | 190 +++++++++--------- 2014/5xxx/CVE-2014-5784.json | 140 +++++++------- 2015/2xxx/CVE-2015-2413.json | 130 ++++++------- 2016/10xxx/CVE-2016-10220.json | 150 +++++++-------- 2016/10xxx/CVE-2016-10307.json | 130 ++++++------- 2016/3xxx/CVE-2016-3116.json | 210 ++++++++++---------- 
2016/3xxx/CVE-2016-3673.json | 34 ++-- 2016/3xxx/CVE-2016-3942.json | 34 ++-- 2016/3xxx/CVE-2016-3994.json | 160 ++++++++-------- 2016/8xxx/CVE-2016-8511.json | 142 +++++++------- 2016/8xxx/CVE-2016-8617.json | 242 +++++++++++------------ 2016/8xxx/CVE-2016-8672.json | 140 +++++++------- 2016/8xxx/CVE-2016-8935.json | 178 ++++++++--------- 2016/9xxx/CVE-2016-9354.json | 130 ++++++------- 2016/9xxx/CVE-2016-9829.json | 150 +++++++-------- 2016/9xxx/CVE-2016-9977.json | 158 +++++++-------- 2019/2xxx/CVE-2019-2793.json | 34 ++-- 2019/2xxx/CVE-2019-2902.json | 34 ++-- 2019/2xxx/CVE-2019-2982.json | 34 ++-- 2019/6xxx/CVE-2019-6433.json | 34 ++-- 2019/6xxx/CVE-2019-6950.json | 34 ++-- 2019/6xxx/CVE-2019-6997.json | 34 ++-- 2019/7xxx/CVE-2019-7211.json | 34 ++-- 53 files changed, 3782 insertions(+), 3782 deletions(-)
diff --git a/2006/5xxx/CVE-2006-5814.json b/2006/5xxx/CVE-2006-5814.json
index afb376795d2..e2293f2ad07 100644
--- a/2006/5xxx/CVE-2006-5814.json
+++ b/2006/5xxx/CVE-2006-5814.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a \"Novell eDirectory remote exploit.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gleg.net/vulndisco_meta.shtml", - "refsource" : "MISC", - "url" : "http://gleg.net/vulndisco_meta.shtml" - }, - { - "name" : "1017169", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017169" - }, - { - "name" : "novell-edirectory-code-execution(30150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 
Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a \"Novell eDirectory remote exploit.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gleg.net/vulndisco_meta.shtml", + "refsource": "MISC", + "url": "http://gleg.net/vulndisco_meta.shtml" + }, + { + "name": "1017169", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017169" + }, + { + "name": "novell-edirectory-code-execution(30150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30150" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2095.json b/2007/2xxx/CVE-2007-2095.json index d7193b7f27d..ce7b182fcbf 100644 --- a/2007/2xxx/CVE-2007-2095.json +++ b/2007/2xxx/CVE-2007-2095.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 MySpeach v1.9", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465721/100/0/threaded" - }, - { - "name" : "2592", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070414 MySpeach v1.9", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465721/100/0/threaded" + }, + { + "name": "2592", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2592" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2244.json b/2007/2xxx/CVE-2007-2244.json index 1b701a325a3..601eef3259f 100644 --- a/2007/2xxx/CVE-2007-2244.json +++ b/2007/2xxx/CVE-2007-2244.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3793", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3793" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-13.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-16.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-17.html" - }, - { - "name" : "23621", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/23621" - }, - { - "name" : "ADV-2007-1523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1523" - }, - { - "name" : "ADV-2007-3442", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3442" - }, - { - "name" : "ADV-2007-3443", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3443" - }, - { - "name" : "35370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35370" - }, - { - "name" : "38064", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38064" - }, - { - "name" : "38065", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38065" - }, - { - "name" : "38066", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38066" - }, - { - "name" : "1017962", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017962" - }, - { - "name" : "1018792", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018792" - }, - { - "name" : "25023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25023" - }, - { - "name" : "26846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26846" - }, - { - "name" : "26864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26864" - }, - { - "name" : "adobe-multiple-files-bo(33838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23621" + }, + { + "name": "1018792", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018792" + }, + { + "name": "35370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35370" + }, + { + "name": "25023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25023" + }, + { + "name": "adobe-multiple-files-bo(33838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838" + }, + { + "name": "ADV-2007-3442", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3442" + }, + { + "name": "3793", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3793" + }, + { + "name": "38065", + "refsource": "OSVDB", + "url": "http://osvdb.org/38065" + }, + { + "name": "38064", + "refsource": "OSVDB", + "url": "http://osvdb.org/38064" + }, + { + "name": "26864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26864" + }, + { + "name": "26846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26846" + }, + { + "name": "ADV-2007-1523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1523" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-17.html" + }, + { + "name": "38066", + "refsource": "OSVDB", + "url": "http://osvdb.org/38066" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-13.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-13.html" + }, + { + "name": "ADV-2007-3443", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2007/3443" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-16.html" + }, + { + "name": "1017962", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017962" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3459.json b/2007/3xxx/CVE-2007-3459.json index 856dba0027f..391c176194e 100644 --- a/2007/3xxx/CVE-2007-3459.json +++ b/2007/3xxx/CVE-2007-3459.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070626 [GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vectorsoftware ActiveX Arbitrary Data Write", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472296/100/0/threaded" - }, - { - "name" : "4110", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4110" - }, - { - "name" : "24659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24659" - }, - { - "name" : "38037", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38037" - }, - { - "name" : "2844", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2844" - }, - { - "name" : "avax-writemovie-file-overwrite(35089)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/35089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avax-writemovie-file-overwrite(35089)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35089" + }, + { + "name": "4110", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4110" + }, + { + "name": "24659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24659" + }, + { + "name": "38037", + "refsource": "OSVDB", + "url": "http://osvdb.org/38037" + }, + { + "name": "2844", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2844" + }, + { + "name": "20070626 [GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vectorsoftware ActiveX Arbitrary Data Write", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472296/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3492.json b/2007/3xxx/CVE-2007-3492.json index 83a88552e0a..7b2ca29c7c8 100644 --- a/2007/3xxx/CVE-2007-3492.json +++ b/2007/3xxx/CVE-2007-3492.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing \"//A:\" in the argument to the LIST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070627 Conti FTP Server v1.0 DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472346/100/0/threaded" - }, - { - "name" : "24672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24672" - }, - { - "name" : "40776", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40776" - }, - { - "name" : "2847", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2847" - }, - { - "name" : "conti-ftpserver-list-dos(35106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing \"//A:\" in the argument to the LIST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2847", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2847" + }, + { + "name": "20070627 Conti FTP Server v1.0 DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472346/100/0/threaded" + }, + { + "name": "conti-ftpserver-list-dos(35106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35106" + }, + { + "name": "40776", + "refsource": "OSVDB", + "url": "http://osvdb.org/40776" + }, + { + "name": "24672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24672" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3608.json b/2007/3xxx/CVE-2007-3608.json index 5e7750e52c9..de92ba1981f 100644 --- a/2007/3xxx/CVE-2007-3608.json +++ b/2007/3xxx/CVE-2007-3608.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472887/100/0/threaded" - }, - { - "name" : "4148", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4148" - }, - { - "name" : "4149", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4149" - }, - { - "name" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/" - }, - { - "name" : "24776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24776" - }, - { - "name" : "37687", - "refsource" : "OSVDB", 
- "url" : "http://osvdb.org/37687" - }, - { - "name" : "2873", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37687", + "refsource": "OSVDB", + "url": "http://osvdb.org/37687" + }, + { + "name": "2873", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2873" + }, + { + "name": "24776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24776" + }, + { + "name": "4148", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4148" + }, + { + "name": "20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472887/100/0/threaded" + }, + { + "name": "4149", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4149" + }, + { + "name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3755.json b/2007/3xxx/CVE-2007-3755.json index 38cccd73560..92e497500b4 100644 --- a/2007/3xxx/CVE-2007-3755.json +++ b/2007/3xxx/CVE-2007-3755.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a \"tel:\" link, which does not prompt the user before dialing the number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=306586", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306586" - }, - { - "name" : "APPLE-SA-2007-09-27", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html" - }, - { - "name" : "25862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25862" - }, - { - "name" : "ADV-2007-3287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3287" - }, - { - "name" : "38536", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38536" - }, - { - "name" : "1018752", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1018752" - }, - { - "name" : "26983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26983" - }, - { - "name" : "iphone-tellink-phone-hijacking(36853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a \"tel:\" link, which does not prompt the user before dialing the number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2007-09-27", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html" + }, + { + "name": "iphone-tellink-phone-hijacking(36853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36853" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306586", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306586" + }, + { + "name": "25862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25862" + }, + { + "name": "38536", + "refsource": "OSVDB", + "url": "http://osvdb.org/38536" + }, + { + "name": "26983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26983" + }, + { + "name": "ADV-2007-3287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3287" + }, + { + "name": "1018752", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018752" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3840.json b/2007/3xxx/CVE-2007-3840.json index 2e9736466c6..077e494fb06 100644 
--- a/2007/3xxx/CVE-2007-3840.json
+++ b/2007/3xxx/CVE-2007-3840.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4187", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4187" - }, - { - "name" : "24925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24925" - }, - { - "name" : "36258", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4187", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4187" + }, + { + "name": "36258", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36258" + }, + { + "name": "24925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24925" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3897.json b/2007/3xxx/CVE-2007-3897.json index b2d48ff4683..19bc9dfda12 100644 --- a/2007/3xxx/CVE-2007-3897.json +++ b/2007/3xxx/CVE-2007-3897.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-3897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607" - }, - { - "name" : "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481983/100/100/threaded" - }, - { - "name" : "HPSBST02280", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" - }, - { - "name" : "SSRT071480", - "refsource" : "HP", - "url" : 
"http://www.securityfocus.com/archive/1/482366/100/0/threaded" - }, - { - "name" : "MS07-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056" - }, - { - "name" : "TA07-282A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" - }, - { - "name" : "25908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25908" - }, - { - "name" : "ADV-2007-3436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3436" - }, - { - "name" : "oval:org.mitre.oval:def:1706", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706" - }, - { - "name" : "1018785", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018785" - }, - { - "name" : "1018786", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018786" - }, - { - "name" : "27112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018785", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018785" + }, + { + "name": "HPSBST02280", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" + }, + { + "name": "SSRT071480", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:1706", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706" + }, + { + "name": "MS07-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056" + }, + { + "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded" + }, + { + "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607" + }, + { + "name": "ADV-2007-3436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3436" + }, + { + "name": "1018786", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018786" + }, + { + "name": "25908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25908" + }, + { + "name": "TA07-282A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" + }, + { + "name": "27112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27112" + } + ] + } +} \ No newline at end of file 
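Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secure@microsoft.com`, and that one data change is hidden among 117 lines rewritten only for key spacing (`"ID" : ` to `"ID": `) and a reshuffled `reference_data` array. The CVE-2010-0286 and CVE-2010-0428 hunks below do the same, both switching to `secalert@redhat.com`. The twelve references here are the same set before and after, only in a different order, so a reader cannot tell from the diff that the assigner field is the only value that moved. Because `ASSIGNER` is the record's provenance field, the reformat would be better landed as its own commit, with `reference_data` emitted in a stable order (for example sorted by `refsource`, then `name`) so that later syncs show only real changes. The new side also ends with `\ No newline at end of file`; writing a trailing newline would avoid a further one-line diff on every file if the serializer later adds one.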
diff --git a/2007/6xxx/CVE-2007-6090.json b/2007/6xxx/CVE-2007-6090.json index feef577de6a..375e210f923 100644 --- a/2007/6xxx/CVE-2007-6090.json +++ b/2007/6xxx/CVE-2007-6090.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt" - }, - { - "name" : "26458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt" + }, + { + "name": "26458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26458" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6486.json b/2007/6xxx/CVE-2007-6486.json index d0b035efd6f..6405e9e8c72 100644 --- a/2007/6xxx/CVE-2007-6486.json +++ b/2007/6xxx/CVE-2007-6486.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/", - "refsource" : "MISC", - "url" : "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/" - }, - { - "name" : "26906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26906" - }, - { - "name" : "28137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28137" - }, - { - "name" : "lineshout-shout-xss(39090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28137" + }, + { + "name": "26906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26906" + }, + { + "name": "lineshout-shout-xss(39090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39090" + }, + { + "name": "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/", + "refsource": "MISC", + "url": "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6581.json b/2007/6xxx/CVE-2007-6581.json index fca16c2cd0f..e5910855239 100644 --- a/2007/6xxx/CVE-2007-6581.json +++ b/2007/6xxx/CVE-2007-6581.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4767", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4767" - }, - { - "name" : "http://www.inj3ct-it.org/exploit/socialengine2.txt", - "refsource" : "MISC", - "url" : "http://www.inj3ct-it.org/exploit/socialengine2.txt" - }, - { - "name" : "26990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26990" - }, - { - "name" : "40370", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40370" - }, - { - "name" : "40371", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40371" - }, - { - "name" : "40372", - "refsource" 
: "OSVDB", - "url" : "http://osvdb.org/40372" - }, - { - "name" : "40373", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40373" - }, - { - "name" : "40374", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40374" - }, - { - "name" : "40375", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40371", + "refsource": "OSVDB", + "url": "http://osvdb.org/40371" + }, + { + "name": "4767", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4767" + }, + { + "name": "40373", + "refsource": "OSVDB", + "url": "http://osvdb.org/40373" + }, + { + "name": "40370", + "refsource": "OSVDB", + "url": "http://osvdb.org/40370" + }, + { + "name": "40374", + "refsource": "OSVDB", + "url": "http://osvdb.org/40374" + }, + { + "name": "40375", + "refsource": "OSVDB", + "url": "http://osvdb.org/40375" + }, + { + "name": "40372", + "refsource": "OSVDB", + "url": "http://osvdb.org/40372" + }, + { + "name": "26990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26990" + }, + { + "name": "http://www.inj3ct-it.org/exploit/socialengine2.txt", + "refsource": "MISC", + "url": "http://www.inj3ct-it.org/exploit/socialengine2.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/6xxx/CVE-2007-6725.json b/2007/6xxx/CVE-2007-6725.json index e4cb3b8a14f..7b506ead7e1 100644 --- a/2007/6xxx/CVE-2007-6725.json +++ b/2007/6xxx/CVE-2007-6725.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090417 rPSA-2009-0060-1 ghostscript", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502757/100/0/threaded" - }, - { - "name" : "[oss-security] 20090401 CVE request -- ghostscript", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/01/10" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=229174", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=229174" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=493442", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=493442" - }, - { - "name" : 
"http://wiki.rpath.com/Advisories:rPSA-2009-0060", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0060" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm" - }, - { - "name" : "FEDORA-2008-5699", - "refsource" : "FEDORA", - "url" : "http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html" - }, - { - "name" : "MDVSA-2009:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" - }, - { - "name" : "MDVSA-2009:096", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" - }, - { - "name" : "RHSA-2009:0420", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0420.html" - }, - { - "name" : "RHSA-2009:0421", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0421.html" - }, - { - "name" : "262288", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "USN-757-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/757-1/" - }, - { - "name" : "34337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34337" - }, - { - "name" : "oval:org.mitre.oval:def:9507", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507" - }, - { - "name" : "34726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34726" - }, - { - "name" : "34732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34732" - }, - { - "name" : "34729", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/34729" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35559" - }, - { - "name" : "35569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35569" - }, - { - "name" : "ADV-2009-1708", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:0421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html" + }, + { + "name": "RHSA-2009:0420", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html" + }, + { + "name": "FEDORA-2008-5699", + "refsource": "FEDORA", + "url": "http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html" + }, + { + "name": "262288", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" + }, + { + "name": "20090417 rPSA-2009-0060-1 ghostscript", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded" + }, + { + "name": "34729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34729" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=229174", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174" + }, + { + "name": "MDVSA-2009:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" + }, + { + "name": "34337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34337" + }, + { + "name": "34732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34732" + }, + { + "name": "35569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35569" + }, + { + "name": "ADV-2009-1708", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1708" + }, + { + "name": "oval:org.mitre.oval:def:9507", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507" + }, + { + "name": "MDVSA-2009:096", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" + }, + { + "name": "35559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35559" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=493442", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442" + }, + { + "name": "USN-757-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/757-1/" + }, + { + "name": "[oss-security] 20090401 CVE request -- ghostscript", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm", + "refsource": 
"CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm" + }, + { + "name": "34726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34726" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0286.json b/2010/0xxx/CVE-2010-0286.json index 266661a0f79..f6a4420a9cc 100644 --- a/2010/0xxx/CVE-2010-0286.json +++ b/2010/0xxx/CVE-2010-0286.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/" - }, - { - "name" : "61680", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61680" - }, - { - "name" : "38206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38206" - }, - { - "name" : "ADV-2010-0127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0127" - }, - { - "name" : "typo3-openid-security-bypass(55609)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/55609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-0127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0127" + }, + { + "name": "typo3-openid-security-bypass(55609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/" + }, + { + "name": "38206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38206" + }, + { + "name": "61680", + "refsource": "OSVDB", + "url": "http://osvdb.org/61680" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0428.json b/2010/0xxx/CVE-2010-0428.json index 348871998ab..6aaef965f83 100644 --- a/2010/0xxx/CVE-2010-0428.json +++ b/2010/0xxx/CVE-2010-0428.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-0428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=568699", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=568699" - }, - { - "name" : "RHSA-2010:0622", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0622.html" - }, - { - "name" : "RHSA-2010:0633", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0633.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2010:0622", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0622.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=568699", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568699" + }, + { + "name": "RHSA-2010:0633", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0633.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0955.json b/2010/0xxx/CVE-2010-0955.json index 1c5465835b3..035124aa3b7 100644 --- a/2010/0xxx/CVE-2010-0955.json +++ b/2010/0xxx/CVE-2010-0955.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/", - "refsource" : "MISC", - "url" : "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt" - }, - { - "name" : "11648", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11648" - }, - { - "name" : "38585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38585" - }, - { - "name" : "62780", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62780" - }, - { - "name" : "38870", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/38870" - }, - { - "name" : "bildflirt-index-sql-injection(56727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt" + }, + { + "name": "62780", + "refsource": "OSVDB", + "url": "http://osvdb.org/62780" + }, + { + "name": "bildflirt-index-sql-injection(56727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56727" + }, + { + "name": "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/", + "refsource": "MISC", + "url": "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/" + }, + { + "name": "38585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38585" + }, + { + "name": "11648", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11648" + }, + { + "name": "38870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38870" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1018.json b/2010/1xxx/CVE-2010-1018.json index 3127b980ce5..567bdf4d48a 100644 --- a/2010/1xxx/CVE-2010-1018.json +++ b/2010/1xxx/CVE-2010-1018.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38803" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1141.json b/2010/1xxx/CVE-2010-1141.json index a3869463e1f..8b023f98428 100644 --- a/2010/1xxx/CVE-2010-1141.json +++ b/2010/1xxx/CVE-2010-1141.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" - }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "oval:org.mitre.oval:def:7020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020" - }, - { - "name" : "1023832", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023832" - }, - { - "name" : "1023833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023833" - }, - { - "name" : 
"39198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39198" - }, - { - "name" : "39206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "39206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39206" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": "1023833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023833" + }, + { + "name": "39198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39198" + }, + { + 
"name": "1023832", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023832" + }, + { + "name": "oval:org.mitre.oval:def:7020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1466.json b/2010/1xxx/CVE-2010-1466.json index 79c13302339..cfd9df04dbf 100644 --- a/2010/1xxx/CVE-2010-1466.json +++ b/2010/1xxx/CVE-2010-1466.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the dsn[phptype] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12193", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12193" - }, - { - "name" : "39412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39412" - }, - { - "name" : "39400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39400" - }, - { - "name" : "vaccin-soustab-file-include(57816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the 
dsn[phptype] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39400" + }, + { + "name": "39412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39412" + }, + { + "name": "12193", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12193" + }, + { + "name": "vaccin-soustab-file-include(57816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57816" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0016.json b/2014/0xxx/CVE-2014-0016.json index fc49fc8726e..f864e102823 100644 --- a/2014/0xxx/CVE-2014-0016.json +++ b/2014/0xxx/CVE-2014-0016.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140305 libssh and stunnel PRNG flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/05/1" - }, - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072180", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072180" - }, - { - "name" : "https://www.stunnel.org/sdf_ChangeLog.html", - "refsource" : "CONFIRM", - "url" : 
"https://www.stunnel.org/sdf_ChangeLog.html" - }, - { - "name" : "65964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.stunnel.org/sdf_ChangeLog.html", + "refsource": "CONFIRM", + "url": "https://www.stunnel.org/sdf_ChangeLog.html" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff" + }, + { + "name": "[oss-security] 20140305 libssh and stunnel PRNG flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/05/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072180", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072180" + }, + { + "name": "65964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65964" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0629.json b/2014/0xxx/CVE-2014-0629.json index 6e31a250e7b..9ae1b8f5334 100644 --- a/2014/0xxx/CVE-2014-0629.json +++ b/2014/0xxx/CVE-2014-0629.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2014/Mar/33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive 
information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2014/Mar/33" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1630.json b/2014/1xxx/CVE-2014-1630.json index 91885f44453..90962520a96 100644 --- a/2014/1xxx/CVE-2014-1630.json +++ b/2014/1xxx/CVE-2014-1630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1636.json b/2014/1xxx/CVE-2014-1636.json index 22286b31ec0..f8e54d61629 100644 --- a/2014/1xxx/CVE-2014-1636.json +++ b/2014/1xxx/CVE-2014-1636.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" - }, - { - "name" : "64707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64707" - }, - { - "name" : "101874", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101874" - }, - { - "name" : "101875", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101875" - }, - { - "name" : "101876", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101876" - }, - { - "name" : "101877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101877" - }, - { - "name" : "101878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101878" - }, - { - "name" : "101879", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101879" - }, - { - "name" : "101880", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101880" - }, - { - "name" : "101881", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101881" - }, - { - "name" : "101882", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101882" - }, - { - "name" : "101883", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101883" - }, - { - "name" : "101884", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101884" - }, - { - "name" : "101885", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/101885" - }, - { - "name" : "commandschool-id-sql-injection(90175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101879", + "refsource": "OSVDB", + "url": "http://osvdb.org/101879" + }, + { + "name": "101884", + "refsource": "OSVDB", + "url": "http://osvdb.org/101884" + }, + { + "name": "101883", + "refsource": "OSVDB", + "url": "http://osvdb.org/101883" + }, + { + "name": "101885", + "refsource": "OSVDB", + "url": "http://osvdb.org/101885" + }, + { + "name": "101874", + "refsource": "OSVDB", + "url": "http://osvdb.org/101874" + }, + { + "name": "101881", + "refsource": "OSVDB", + "url": "http://osvdb.org/101881" + }, + { + "name": "101878", + "refsource": "OSVDB", + "url": "http://osvdb.org/101878" + }, + { + "name": "commandschool-id-sql-injection(90175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90175" + }, + { + "name": "101877", + "refsource": "OSVDB", + "url": "http://osvdb.org/101877" + }, + { + "name": "64707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64707" + }, + 
{ + "name": "101880", + "refsource": "OSVDB", + "url": "http://osvdb.org/101880" + }, + { + "name": "101882", + "refsource": "OSVDB", + "url": "http://osvdb.org/101882" + }, + { + "name": "101876", + "refsource": "OSVDB", + "url": "http://osvdb.org/101876" + }, + { + "name": "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" + }, + { + "name": "101875", + "refsource": "OSVDB", + "url": "http://osvdb.org/101875" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1736.json b/2014/1xxx/CVE-2014-1736.json index f57aa7a2f96..4e6eeb459e6 100644 --- a/2014/1xxx/CVE-2014-1736.json +++ b/2014/1xxx/CVE-2014-1736.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-1736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=359802", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=359802" - }, - { - "name" : "https://code.google.com/p/v8/source/detail?r=20519", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/v8/source/detail?r=20519" - }, - { - "name" : "https://code.google.com/p/v8/source/detail?r=20525", - "refsource" : "CONFIRM", - "url" : 
"https://code.google.com/p/v8/source/detail?r=20525" - }, - { - "name" : "DSA-2920", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2920" - }, - { - "name" : "58301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/v8/source/detail?r=20519", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/v8/source/detail?r=20519" + }, + { + "name": "58301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58301" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" + }, + { + "name": "DSA-2920", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2920" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=359802", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=359802" + }, + { + "name": "https://code.google.com/p/v8/source/detail?r=20525", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/v8/source/detail?r=20525" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1789.json b/2014/1xxx/CVE-2014-1789.json index 88b1ca45bb6..d09c49b7ea2 100644 --- a/2014/1xxx/CVE-2014-1789.json 
+++ b/2014/1xxx/CVE-2014-1789.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1790." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-1789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67881" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted 
web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1790." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "67881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67881" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4624.json b/2014/4xxx/CVE-2014-4624.json index 8551ad3c2fd..e638183080b 100644 --- a/2014/4xxx/CVE-2014-4624.json +++ b/2014/4xxx/CVE-2014-4624.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-4624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html" - }, - { - "name" : "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533813/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html" - }, - { - "name" : "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0011.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0011.html" - }, - { - "name" : "70709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70709" - }, - { - "name" : "1031114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031114" - }, - { - "name" : "1031118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031118" - }, - { - "name" : "61663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61663" - }, - { - "name" : "61950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61950" - }, - { - "name" : "vsphere-data-cve20144624-info-disc(97729)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031118" + }, + { + "name": "61663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61663" + }, + { + "name": "61950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61950" + }, + { + "name": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html" + }, + { + "name": "1031114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031114" + }, + { + "name": "70709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70709" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html" + }, + { + "name": "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html" + }, + { + "name": "vsphere-data-cve20144624-info-disc(97729)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729" + }, + { + "name": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html" + }, + { + "name": "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/4xxx/CVE-2014-4750.json b/2014/4xxx/CVE-2014-4750.json
index 6d07f79d3be..5939a32fd46 100644
--- a/2014/4xxx/CVE-2014-4750.json
+++ b/2014/4xxx/CVE-2014-4750.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223" - }, - { - "name" : "69299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69299" - }, - { - "name" : "ibm-powervc-cve20144750-ftp(94352)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote 
attackers to discover credentials by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-powervc-cve20144750-ftp(94352)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94352" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223" + }, + { + "name": "69299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69299" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5133.json b/2014/5xxx/CVE-2014-5133.json index e84660b8880..0efa3c956ac 100644 --- a/2014/5xxx/CVE-2014-5133.json +++ b/2014/5xxx/CVE-2014-5133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/5xxx/CVE-2014-5258.json b/2014/5xxx/CVE-2014-5258.json
index 9d2ac3af55d..a4e81b33920 100644
--- a/2014/5xxx/CVE-2014-5258.json
+++ b/2014/5xxx/CVE-2014-5258.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140917 Path Traversal in webEdition", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533465/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html" - }, - { - "name" : "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen", - "refsource" : "MISC", - "url" : "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23227", - "refsource" : "MISC", - "url" : 
"https://www.htbridge.com/advisory/HTB23227" - }, - { - "name" : "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0", - "refsource" : "CONFIRM", - "url" : "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23227", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23227" + }, + { + "name": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen", + "refsource": "MISC", + "url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen" + }, + { + "name": "20140917 Path Traversal in webEdition", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html" + }, + { + "name": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0", + "refsource": "CONFIRM", + "url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5362.json b/2014/5xxx/CVE-2014-5362.json index e5a3e53b46c..32c7e3f60d1 100644 
--- a/2014/5xxx/CVE-2014-5362.json
+++ b/2014/5xxx/CVE-2014-5362.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150416 [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535286/100/1100/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html" - }, - { - "name" : "74190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74190" - }, - { - "name" : "1032203", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1032203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032203", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032203" + }, + { + "name": "20150416 [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535286/100/1100/threaded" + }, + { + "name": "74190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74190" + }, + { + "name": "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5391.json b/2014/5xxx/CVE-2014-5391.json index cde10f1f4cf..6e3d41ac745 100644 --- a/2014/5xxx/CVE-2014-5391.json +++ b/2014/5xxx/CVE-2014-5391.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533372/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt", - "refsource" : "MISC", - "url" : "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt" - }, - { - "name" : "http://www.sos-berlin.com/modules/news/article.php?storyid=73", 
- "refsource" : "CONFIRM", - "url" : "http://www.sos-berlin.com/modules/news/article.php?storyid=73" - }, - { - "name" : "http://www.sos-berlin.com/modules/news/article.php?storyid=74", - "refsource" : "CONFIRM", - "url" : "http://www.sos-berlin.com/modules/news/article.php?storyid=74" - }, - { - "name" : "https://change.sos-berlin.com/browse/JS-1203", - "refsource" : "CONFIRM", - "url" : "https://change.sos-berlin.com/browse/JS-1203" - }, - { - "name" : "69660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69660" - }, - { - "name" : "jobscheduler-cve20145391-xss(95797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69660" + }, + { + "name": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html" + }, + { + "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73", + "refsource": "CONFIRM", + "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73" + }, + { + "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74", + "refsource": "CONFIRM", + "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74" + }, + { + "name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded" + }, + { + "name": "https://change.sos-berlin.com/browse/JS-1203", + "refsource": "CONFIRM", + "url": "https://change.sos-berlin.com/browse/JS-1203" + }, + { + "name": "jobscheduler-cve20145391-xss(95797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797" + }, + { + "name": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt", + "refsource": "MISC", + "url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5784.json b/2014/5xxx/CVE-2014-5784.json index 4bb82021fb1..1537eb99dc1 100644 --- a/2014/5xxx/CVE-2014-5784.json +++ b/2014/5xxx/CVE-2014-5784.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#114865", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/114865" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bouncy Bill 
Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#114865", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/114865" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2413.json b/2015/2xxx/CVE-2015-2413.json index 3f93a0a71ba..57d48af6a0d 100644 --- a/2015/2xxx/CVE-2015-2413.json +++ b/2015/2xxx/CVE-2015-2413.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka \"Internet Explorer Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" - }, - { - "name" : "1032894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka \"Internet Explorer Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + 
"lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032894" + }, + { + "name": "MS15-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10220.json b/2016/10xxx/CVE-2016-10220.json index 3de1ae489e1..53a46653fd0 100644 --- a/2016/10xxx/CVE-2016-10220.json +++ b/2016/10xxx/CVE-2016-10220.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8", - "refsource" : "CONFIRM", - "url" : "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697450", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697450" - }, - { - "name" : "DSA-3838", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3838" - }, - { - "name" : "GLSA-201708-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-06" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3838", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3838" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697450", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697450" + }, + { + "name": "GLSA-201708-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-06" + }, + { + "name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8", + "refsource": "CONFIRM", + "url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10307.json b/2016/10xxx/CVE-2016-10307.json index fa78e7db1f7..94467d3b29a 100644 --- a/2016/10xxx/CVE-2016-10307.json +++ b/2016/10xxx/CVE-2016-10307.json 
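Review bot: The `reference_data` array in CVE-2016-10220.json comes out in a different order on the new side (DSA-3838 first, the findgit.cgi CONFIRM link last) with no entry added or removed, and the new order is not sorted by `name`, `refsource` or `url`. Reordering with no stable key makes every sync rewrite the whole array, which buries substantive edits such as the `ASSIGNER` changes elsewhere in this commit and weakens diff- or hash-based change detection on the feed. I would emit references in one deterministic order (for example sorted by `url`) and serialize top-level keys in one fixed order. The CVE-2015-2413, CVE-2016-10307, CVE-2016-3116, CVE-2016-3994, CVE-2016-8617 and CVE-2016-8672 hunks reshuffle references the same way, and CVE-2016-3673 changes its top-level key order instead.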
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.iancaling.com/post/153011925478", - "refsource" : "MISC", - "url" : "http://blog.iancaling.com/post/153011925478" - }, - { - "name" : "97242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, 
with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97242" + }, + { + "name": "http://blog.iancaling.com/post/153011925478", + "refsource": "MISC", + "url": "http://blog.iancaling.com/post/153011925478" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3116.json b/2016/3xxx/CVE-2016-3116.json index 31d0ba06051..3b684ff5072 100644 --- a/2016/3xxx/CVE-2016-3116.json +++ b/2016/3xxx/CVE-2016-3116.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Mar/47" - }, - { - "name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", - "refsource" : "MISC", - "url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115" - }, - { - "name" : "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html" - }, - { - "name" : "https://matt.ucc.asn.au/dropbear/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://matt.ucc.asn.au/dropbear/CHANGES" - }, - { - "name" : 
"FEDORA-2016-bc45faa824", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179870.html" - }, - { - "name" : "FEDORA-2016-332491de28", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179261.html" - }, - { - "name" : "FEDORA-2016-40a657cee1", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179269.html" - }, - { - "name" : "GLSA-201607-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-08" - }, - { - "name" : "openSUSE-SU-2016:0874", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00105.html" - }, - { - "name" : "openSUSE-SU-2016:0882", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00113.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115", + "refsource": "MISC", + "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115" + }, + { + "name": "https://matt.ucc.asn.au/dropbear/CHANGES", + "refsource": "CONFIRM", + "url": "https://matt.ucc.asn.au/dropbear/CHANGES" + }, + { + "name": "FEDORA-2016-40a657cee1", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179269.html" + }, + { + "name": "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html" + }, + { + "name": "FEDORA-2016-332491de28", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179261.html" + }, + { + "name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Mar/47" + }, + { + "name": "FEDORA-2016-bc45faa824", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179870.html" + }, + { + "name": "openSUSE-SU-2016:0882", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00113.html" + }, + { + "name": "GLSA-201607-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-08" + }, + { + "name": "openSUSE-SU-2016:0874", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00105.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3673.json b/2016/3xxx/CVE-2016-3673.json index 78d59bb4ace..1b527e60541 100644 --- a/2016/3xxx/CVE-2016-3673.json 
+++ b/2016/3xxx/CVE-2016-3673.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3673",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2016-3673",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3942.json b/2016/3xxx/CVE-2016-3942.json
index 850cdee5f52..4a1b9159742 100644
--- a/2016/3xxx/CVE-2016-3942.json
+++ b/2016/3xxx/CVE-2016-3942.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-3942",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-3942",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/3xxx/CVE-2016-3994.json b/2016/3xxx/CVE-2016-3994.json
index 35dd4ba06ee..b2e593ec067 100644
--- a/2016/3xxx/CVE-2016-3994.json
+++ b/2016/3xxx/CVE-2016-3994.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Enlightenment-announce] 20160501 imlib2 1.4.9", - "refsource" : "MLIST", - "url" : "https://sourceforge.net/p/enlightenment/mailman/message/35055012/" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369" - }, - { - "name" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8" - }, - { - "name" : "DSA-3555", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3555" - }, - { - "name" : 
"openSUSE-SU-2016:1330", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8" + }, + { + "name": "[Enlightenment-announce] 20160501 imlib2 1.4.9", + "refsource": "MLIST", + "url": "https://sourceforge.net/p/enlightenment/mailman/message/35055012/" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369" + }, + { + "name": "DSA-3555", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3555" + }, + { + "name": "openSUSE-SU-2016:1330", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8511.json b/2016/8xxx/CVE-2016-8511.json index 24ab7505238..392db310f67 100644 --- a/2016/8xxx/CVE-2016-8511.json +++ b/2016/8xxx/CVE-2016-8511.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2016-11-28T00:00:00", - "ID" : "CVE-2016-8511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Automation", - "version" : { - "version_data" : [ - { - "version_value" : "v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2016-11-28T00:00:00", + "ID": "CVE-2016-8511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Automation", + "version": { + "version_data": [ + { + "version_value": "v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-39", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-39" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849" - }, - { - "name" : "94610", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2016-39", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-39" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849" + }, + { + "name": "94610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94610" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8617.json b/2016/8xxx/CVE-2016-8617.json index 2f954a00161..ca212ac350a 100644 --- a/2016/8xxx/CVE-2016-8617.json +++ b/2016/8xxx/CVE-2016-8617.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2016-8617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "7.51.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Curl Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "7.51.0" + } + ] + } + } + ] + }, + "vendor_name": "The Curl Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/adv_20161102C.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20161102C.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617" - }, - { - "name" : "https://curl.haxx.se/CVE-2016-8617.patch", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/CVE-2016-8617.patch" - }, - { - 
"name" : "https://www.tenable.com/security/tns-2016-21", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-21" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "GLSA-201701-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-47" - }, - { - "name" : "RHSA-2018:2486", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2486" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "94097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94097" - }, - { - "name" : "1037192", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://curl.haxx.se/docs/adv_20161102C.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20161102C.html" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "https://curl.haxx.se/CVE-2016-8617.patch", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/CVE-2016-8617.patch" + }, + { + "name": "94097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94097" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "1037192", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037192" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617" + }, + { + "name": "RHSA-2018:2486", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2486" + }, + { + "name": "GLSA-201701-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-47" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8672.json b/2016/8xxx/CVE-2016-8672.json index a4503f458df..01eed90cf69 100644 --- a/2016/8xxx/CVE-2016-8672.json 
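Review bot: In CVE-2016-8617.json the `impact.cvss` entries carry the base score fused into `vectorString` (`3.3/CVSS:3.0/AV:L/...` and `4.3/AV:N/...`), which a strict CVSS parser is likely to reject because a v3.0 vector starts with `CVSS:3.0/`. I would split score and vector, e.g. `"baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"`. The two vectors also disagree on attack vector (local in v3.0, network in v2.0), and both rate only a low or partial integrity impact, which sits oddly beside the `CWE-787` problem type. That is worth confirming with the assigner, whose address this hunk changes to `secalert@redhat.com`.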
+++ b/2016/8xxx/CVE-2016-8672.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The integrated web server on Siemens SIMATIC CP 343-1 Advanced prior to version 3.0.53, SIMATIC CP 443-1 Advanced prior to version 3.2.17, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf" - }, - { - "name" : "94460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The integrated web server on Siemens SIMATIC CP 343-1 Advanced prior to version 3.0.53, SIMATIC CP 443-1 Advanced prior to version 3.2.17, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94460" + }, + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8935.json b/2016/8xxx/CVE-2016-8935.json index a761681d02b..9b243c1a1b4 100644 --- a/2016/8xxx/CVE-2016-8935.json +++ b/2016/8xxx/CVE-2016-8935.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-8935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LMS on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "13.0" - }, - { - "version_value" : "13.1" - }, - { - "version_value" : "13.2" - }, - { - "version_value" : "13.2.2" - }, - { - "version_value" : "13.2.3" - }, - { - "version_value" : "13.2.4" - }, - { - "version_value" : "14.0.0" - }, - { - "version_value" : "14.1.0" - }, - { - "version_value" : "14.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-8935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LMS on Cloud", + "version": { + "version_data": [ + { + "version_value": "13.0" + }, + { + "version_value": "13.1" + }, + { + "version_value": "13.2" + }, + { + "version_value": "13.2.2" + }, + { + "version_value": "13.2.3" + }, + { + "version_value": "13.2.4" + }, + { + "version_value": "14.0.0" + }, + { + "version_value": "14.1.0" + }, + { + "version_value": "14.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21999483", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21999483" - }, - { - "name" : "97077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21999483", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21999483" + }, + { + "name": "97077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97077" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9354.json b/2016/9xxx/CVE-2016-9354.json index 3acead3084a..a85bce7e369 100644 --- a/2016/9xxx/CVE-2016-9354.json +++ b/2016/9xxx/CVE-2016-9354.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa DACenter 1.4 and older", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa DACenter 1.4 and older" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa DACenter Uncontrolled Resource Consumption" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa DACenter 1.4 and older", + "version": { + "version_data": [ + { + "version_value": "Moxa DACenter 1.4 and older" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02" - }, - { - "name" : "94891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa DACenter Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02" + }, + { + "name": "94891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94891" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9829.json b/2016/9xxx/CVE-2016-9829.json index 44a14ad75b5..a0e8a7807ca 100644 --- a/2016/9xxx/CVE-2016-9829.json +++ b/2016/9xxx/CVE-2016-9829.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161201 libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/01/5" - }, - { - "name" : "[oss-security] 20161204 Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/4" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/" - }, - { - "name" : "95133", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20161201 libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/01/5" + }, + { + "name": "[oss-security] 20161204 Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/4" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/" + }, + { + "name": "95133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95133" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9977.json b/2016/9xxx/CVE-2016-9977.json index 255f1096e2c..f583ac3e7f0 100644 --- a/2016/9xxx/CVE-2016-9977.json +++ b/2016/9xxx/CVE-2016-9977.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "7.5" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "7.5" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22003981", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22003981" - }, - { - "name" : "98786", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/98786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" + }, + { + "name": "98786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98786" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22003981", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2793.json b/2019/2xxx/CVE-2019-2793.json index 1cd82c22991..08ac6020ab9 100644 --- a/2019/2xxx/CVE-2019-2793.json +++ b/2019/2xxx/CVE-2019-2793.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2793", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2793", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2902.json b/2019/2xxx/CVE-2019-2902.json index 6db8291d9af..9c31d67b5b7 100644 --- a/2019/2xxx/CVE-2019-2902.json +++ b/2019/2xxx/CVE-2019-2902.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2982.json b/2019/2xxx/CVE-2019-2982.json index 374eb33754c..f9026cc51f6 100644 --- a/2019/2xxx/CVE-2019-2982.json +++ b/2019/2xxx/CVE-2019-2982.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2982", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2982", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6433.json b/2019/6xxx/CVE-2019-6433.json index cbbc197550e..6f7bbc6efce 100644 --- a/2019/6xxx/CVE-2019-6433.json +++ b/2019/6xxx/CVE-2019-6433.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6950.json b/2019/6xxx/CVE-2019-6950.json index 8fb26bbc210..623358c73f5 100644 --- a/2019/6xxx/CVE-2019-6950.json +++ b/2019/6xxx/CVE-2019-6950.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6950", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6950", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6997.json b/2019/6xxx/CVE-2019-6997.json index efcd2f6599a..d8897cdb9f6 100644 --- a/2019/6xxx/CVE-2019-6997.json +++ b/2019/6xxx/CVE-2019-6997.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6997", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6997", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7211.json b/2019/7xxx/CVE-2019-7211.json index c11851e29d1..75c1ab41fc6 100644 --- a/2019/7xxx/CVE-2019-7211.json +++ b/2019/7xxx/CVE-2019-7211.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7211", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7211", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file