diff --git a/2007/0xxx/CVE-2007-0557.json b/2007/0xxx/CVE-2007-0557.json index 3c896cf07d4..d70fea54111 100644 --- a/2007/0xxx/CVE-2007-0557.json +++ b/2007/0xxx/CVE-2007-0557.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.rpath.com/browse/RPL-1002", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1002" - }, - { - "name" : "32971", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32971", + "refsource": "OSVDB", + "url": "http://osvdb.org/32971" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1002", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1002" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0643.json b/2007/0xxx/CVE-2007-0643.json index 26a65d08ae3..44e1c2e2829 100644 --- a/2007/0xxx/CVE-2007-0643.json +++ b/2007/0xxx/CVE-2007-0643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3229", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3229" - }, - { - "name" : "22315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22315" - }, - { - "name" : "38131", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38131", + "refsource": "OSVDB", + "url": "http://osvdb.org/38131" + }, + { + "name": "22315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22315" + }, + { + "name": "3229", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3229" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1160.json b/2007/1xxx/CVE-2007-1160.json index bf21abd0490..0d95f67ef7a 100644 --- a/2007/1xxx/CVE-2007-1160.json +++ b/2007/1xxx/CVE-2007-1160.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460937/100/0/threaded" - }, - { - "name" : "33143", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33143" - }, - { - "name" : "2337", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2337", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2337" + }, + { + "name": "33143", + "refsource": "OSVDB", + "url": "http://osvdb.org/33143" + }, + { + "name": "20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460937/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1646.json b/2007/1xxx/CVE-2007-1646.json index 831492427f1..dabba919b8b 100644 --- a/2007/1xxx/CVE-2007-1646.json +++ b/2007/1xxx/CVE-2007-1646.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070321 **SubHub v2.3.0**", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463488/100/0/threaded" - }, - { - "name" : "2475", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2475" - }, - { - "name" : "subhub-search-xss(33161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070321 **SubHub v2.3.0**", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463488/100/0/threaded" + }, + { + "name": "2475", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2475" + }, + { + "name": "subhub-search-xss(33161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33161" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1734.json b/2007/1xxx/CVE-2007-1734.json index b4a41f89492..3e5fc6ffd12 100644 --- a/2007/1xxx/CVE-2007-1734.json +++ b/2007/1xxx/CVE-2007-1734.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070327 Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463969/100/0/threaded" - }, - { - "name" : "1017820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017820" - }, - { - "name" : "2511", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2511" - }, - { - "name" : "kernel-dccp-information-disclosure(33274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33274" - }, - { - "name" : "linux-kernel-dccp-info-disclosure(43321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-kernel-dccp-info-disclosure(43321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43321" + }, + { + "name": "2511", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2511" + }, + { + "name": "20070327 Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463969/100/0/threaded" + }, + { + "name": "1017820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017820" + }, + { + "name": "kernel-dccp-information-disclosure(33274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33274" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3089.json b/2007/3xxx/CVE-2007-3089.json index 342ee198555..f1e0811e244 100644 --- a/2007/3xxx/CVE-2007-3089.json +++ b/2007/3xxx/CVE-2007-3089.json @@ -1,332 +1,332 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the \"promiscuous IFRAME access bug,\" a related issue to CVE-2006-4568." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070604 Assorted browser vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470446/100/0/threaded" - }, - { - "name" : "20070720 rPSA-2007-0148-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474226/100/0/threaded" - }, - { - "name" : "20070724 FLEA-2007-0033-1: firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474542/100/0/threaded" - }, - { - "name" : "20070604 Assorted browser vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html" - }, - { - "name" : "http://lcamtuf.coredump.cx/ifsnatch/", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/ifsnatch/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=381300", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=381300" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=382686", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=382686" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=381300", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=381300" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=382686", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=382686" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html" - }, - { - "name" : "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html" - }, - { - "name" : "DSA-1337", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1337" - }, - { - "name" : "DSA-1338", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1338" - }, - { - "name" : "DSA-1339", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1339" - }, - { - "name" : "GLSA-200708-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:152", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152" - }, - { - "name" : "RHSA-2007:0722", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0722.html" - }, - { - "name" : "RHSA-2007:0723", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0723.html" - }, - { - "name" : "RHSA-2007:0724", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0724.html" - }, - { - "name" : "20070701-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" - }, - { - "name" : "103177", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1" - }, - { - "name" : "201516", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" - }, - { - "name" : "SUSE-SA:2007:049", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html" - }, - { - "name" : "USN-490-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-490-1" - }, - { - "name" : "TA07-199A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-199A.html" - }, - { - "name" : "VU#143297", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/143297" - }, - { - "name" : "24286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24286" - }, - { - "name" : "38024", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38024" - }, - { - "name" : "oval:org.mitre.oval:def:11122", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122" - }, - { - "name" : "ADV-2007-2564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2564" - }, - { - "name" : "ADV-2007-4256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4256" - }, - { - "name" : "1018412", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018412" - }, - { - "name" : "26095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26095" - }, - { - "name" : "26103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26103" - }, - { - "name" : "26106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26106" - }, - { - "name" : "26107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26107" - }, - { - "name" : "25589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25589" - }, - { - "name" : "26179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26179" - }, - { - "name" : "26149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26149" - }, - { - "name" : "26151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26151" - }, - { - "name" : "26072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26072" - }, - { - "name" : "26211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26211" - }, - { - "name" : "26216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26216" - }, - { - "name" : "26204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26204" - }, - { - "name" : "26205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26205" - }, - { - "name" : "26159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26159" - }, - { - "name" : "26271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26271" - }, - { - "name" : "26258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26258" - }, - { - "name" : "26460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26460" - }, - { - "name" : "28135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28135" - }, - { - "name" : "2781", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2781" - }, - { - "name" : "firefox-iframe-security-bypass(34701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the \"promiscuous IFRAME access bug,\" a related issue to CVE-2006-4568." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-490-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-490-1" + }, + { + "name": "1018412", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018412" + }, + { + "name": "26107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26107" + }, + { + "name": "VU#143297", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/143297" + }, + { + "name": "26179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26179" + }, + { + "name": "ADV-2007-4256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4256" + }, + { + "name": "25589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25589" + }, + { + "name": "http://lcamtuf.coredump.cx/ifsnatch/", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/ifsnatch/" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "MDKSA-2007:152", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152" + }, + { + "name": "GLSA-200708-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html" + }, + { + "name": "DSA-1339", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1339" + }, + { + "name": "oval:org.mitre.oval:def:11122", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122" + }, + { + "name": "TA07-199A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html" + }, + { + "name": "26151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26151" + }, + { + "name": "20070604 Assorted browser vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html" + }, + { + "name": "firefox-iframe-security-bypass(34701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34701" + }, + { + "name": "28135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28135" + }, + { + "name": "20070604 Assorted browser vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded" + }, + { + "name": "26216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26216" + }, + { + "name": "26103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26103" + }, + { + "name": "24286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24286" + }, + { + "name": "26072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26072" + }, + { + "name": "26149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26149" + }, + { + "name": "103177", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1" + }, + { + "name": "ADV-2007-2564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2564" + }, + { + "name": "DSA-1337", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1337" + }, + { + "name": "26211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26211" + }, + { + "name": "2781", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2781" + }, + { + "name": "26159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26159" + }, + { + "name": "SUSE-SA:2007:049", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "DSA-1338", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1338" + }, + { + "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300" + }, + { + "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html" + }, + { + "name": "26095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26095" + }, + { + "name": "20070724 FLEA-2007-0033-1: firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474542/100/0/threaded" + }, + { + "name": "26258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26258" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686" + }, + { + "name": "26460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26460" + }, + { + "name": "26106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26106" + }, + { + "name": "20070701-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686" + }, + { + "name": "RHSA-2007:0724", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0724.html" + }, + { + "name": "20070720 rPSA-2007-0148-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474226/100/0/threaded" + }, + { + "name": "RHSA-2007:0723", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0723.html" + }, + { + "name": "26271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26271" + }, + { + "name": "38024", + "refsource": "OSVDB", + "url": "http://osvdb.org/38024" + }, + { + "name": "RHSA-2007:0722", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0722.html" + }, + { + "name": "201516", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300" + }, + { + "name": "26204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26204" + }, + { + "name": "26205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26205" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3775.json b/2007/3xxx/CVE-2007-3775.json index 9829e08eb93..34d162ea659 100644 --- a/2007/3xxx/CVE-2007-3775.json +++ b/2007/3xxx/CVE-2007-3775.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml" - }, - { - "name" : "24867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24867" - }, - { - "name" : "ADV-2007-2511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2511" - }, - { - "name" : "36123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36123" - }, - { - "name" : "1018368", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018368" - }, - { - "name" : "26039", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26039" - }, - { - "name" : "cisco-callmanager-presence-system-dos(35341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018368", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018368" + }, + { + "name": "36123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36123" + }, + { + "name": "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml" + }, + { + "name": "26039", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26039" + }, + { + "name": "24867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24867" + }, + { + "name": "cisco-callmanager-presence-system-dos(35341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341" + }, + { + "name": "ADV-2007-2511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2511" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3980.json b/2007/3xxx/CVE-2007-3980.json index 68af0a95cba..db64bd4ce37 100644 --- a/2007/3xxx/CVE-2007-3980.json +++ b/2007/3xxx/CVE-2007-3980.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4210", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4210" - }, - { - "name" : "24995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24995" - }, - { - "name" : "ADV-2007-2614", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2614" - }, - { - "name" : "39108", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39108" - }, - { - "name" : "rgamescript-page-file-include(35541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39108", + "refsource": "OSVDB", + "url": "http://osvdb.org/39108" + }, + { + "name": "24995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24995" + }, + { + "name": "rgamescript-page-file-include(35541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35541" + }, + { + "name": "ADV-2007-2614", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2614" + }, + { + "name": "4210", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4210" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4257.json b/2007/4xxx/CVE-2007-4257.json index 0dcd3c7e875..449a7445b3e 100644 --- a/2007/4xxx/CVE-2007-4257.json +++ b/2007/4xxx/CVE-2007-4257.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4262", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4262" - }, - { - "name" : "4263", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4263" - }, - { - "name" : "25208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25208" - }, - { - "name" : "25206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25206" - }, - { - "name" : "46768", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46768" - }, - { - "name" : "46769", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25206" + }, + { + "name": "46769", + "refsource": "OSVDB", + "url": "http://osvdb.org/46769" + }, + { + "name": "46768", + "refsource": "OSVDB", + "url": "http://osvdb.org/46768" + }, + { + "name": "4263", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4263" + }, + { + "name": "4262", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4262" + }, + { + "name": "25208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25208" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4702.json b/2007/4xxx/CVE-2007-4702.json index ebe91cfeb44..ed473ca9fb9 100644 --- a/2007/4xxx/CVE-2007-4702.json +++ b/2007/4xxx/CVE-2007-4702.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2007-11-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307004", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307004" - }, - { - "name" : "26461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26461" - }, - { - "name" : "ADV-2007-3897", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3897" - }, - { - "name" : "1018958", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018958" - }, - { - "name" : "27695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27695" - }, - { - "name" : "macosx-appfw-connect-bypass(38506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application Firewall in Apple Mac OS X 10.5, when \"Block all incoming connections\" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27695" + }, + { + "name": "APPLE-SA-2007-11-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html" + }, + { + "name": "ADV-2007-3897", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3897" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307004", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307004" + }, + { + "name": "26461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26461" + }, + { + "name": "1018958", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018958" + }, + { + "name": "macosx-appfw-connect-bypass(38506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38506" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4791.json b/2007/4xxx/CVE-2007-4791.json index 87849b83f28..9f8148fbd4c 100644 --- a/2007/4xxx/CVE-2007-4791.json +++ b/2007/4xxx/CVE-2007-4791.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3855", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3855" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3856", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3856" - }, - { - "name" : "IY98804", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98804" - }, - { - "name" : "IY98819", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98819" - }, - { - "name" : "IY98532", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98532" - }, - { - "name" : "25562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25562" - }, - { - "name" : "40400", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40400" - }, - { - "name" : "ADV-2007-3059", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3059" - }, - { - "name" : "26715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40400", + "refsource": "OSVDB", + "url": "http://osvdb.org/40400" + }, + { + "name": "IY98804", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98804" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3855", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3855" + }, + { + "name": "25562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25562" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3856", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3856" + }, + { + "name": "26715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26715" + }, + { + "name": "IY98819", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98819" + }, + { + "name": "IY98532", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98532" + }, + { + "name": "ADV-2007-3059", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3059" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4921.json b/2007/4xxx/CVE-2007-4921.json index b7429dfefd3..d7484eecd1b 100644 --- a/2007/4xxx/CVE-2007-4921.json +++ b/2007/4xxx/CVE-2007-4921.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4405", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4405" - }, - { - "name" : "http://arfis.wordpress.com/2007/09/14/rfi-02-ajax-file-browser/", - "refsource" : "MISC", - "url" : "http://arfis.wordpress.com/2007/09/14/rfi-02-ajax-file-browser/" - }, - { - "name" : "ADV-2007-3175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3175" - }, - { - "name" : "38970", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38970" - }, - { - "name" : "ajax-settingsinc-file-include(36604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3175" + }, + { + "name": "38970", + "refsource": "OSVDB", + "url": "http://osvdb.org/38970" + }, + { + "name": "4405", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4405" + }, + { + "name": "http://arfis.wordpress.com/2007/09/14/rfi-02-ajax-file-browser/", + "refsource": "MISC", + "url": "http://arfis.wordpress.com/2007/09/14/rfi-02-ajax-file-browser/" + }, + { + "name": "ajax-settingsinc-file-include(36604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36604" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5121.json b/2014/5xxx/CVE-2014-5121.json index 5b5559bec80..00747443aca 100644 --- a/2014/5xxx/CVE-2014-5121.json +++ b/2014/5xxx/CVE-2014-5121.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140820 ArcGIS for Server Vulnerability Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533189/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/127959/ArcGIS-For-Server-10.1.1-XSS-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127959/ArcGIS-For-Server-10.1.1-XSS-Open-Redirect.html" - }, - { - "name" : "1030752", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/127959/ArcGIS-For-Server-10.1.1-XSS-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127959/ArcGIS-For-Server-10.1.1-XSS-Open-Redirect.html" + }, + { + "name": "20140820 ArcGIS for Server Vulnerability Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533189/100/0/threaded" + }, + { + "name": "1030752", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030752" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5795.json b/2014/5xxx/CVE-2014-5795.json index 7e6ba6aeb85..0a35d81c7f5 100644 --- a/2014/5xxx/CVE-2014-5795.json +++ b/2014/5xxx/CVE-2014-5795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5795", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5795. Reason: This candidate is a duplicate of CVE-2013-5795. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-5795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5795", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5795. Reason: This candidate is a duplicate of CVE-2013-5795. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-5795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2595.json b/2015/2xxx/CVE-2015-2595.json index ccc5a5aa282..45d0cca5250 100644 --- a/2015/2xxx/CVE-2015-2595.json +++ b/2015/2xxx/CVE-2015-2595.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032903", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032903", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032903" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2962.json b/2015/2xxx/CVE-2015-2962.json index fc09448f303..0c1d034c078 100644 --- a/2015/2xxx/CVE-2015-2962.json +++ b/2015/2xxx/CVE-2015-2962.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#24336273", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN24336273/index.html" - }, - { - "name" : "JVNDB-2015-000087", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000087" - }, - { - "name" : "75183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000087", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000087" + }, + { + "name": "JVN#24336273", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN24336273/index.html" + }, + { + "name": "75183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75183" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6236.json b/2015/6xxx/CVE-2015-6236.json index a07d388064c..ea62367061c 100644 --- a/2015/6xxx/CVE-2015-6236.json +++ b/2015/6xxx/CVE-2015-6236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6236", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6236", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6635.json b/2015/6xxx/CVE-2015-6635.json index aeef2279257..61fa37894aa 100644 --- a/2015/6xxx/CVE-2015-6635.json +++ b/2015/6xxx/CVE-2015-6635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6815.json b/2015/6xxx/CVE-2015-6815.json index 810a734afd5..02c03b819a0 100644 --- a/2015/6xxx/CVE-2015-6815.json +++ b/2015/6xxx/CVE-2015-6815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7198.json b/2015/7xxx/CVE-2015-7198.json index 3a6129702b1..119a51d9cd1 100644 --- a/2015/7xxx/CVE-2015-7198.json +++ b/2015/7xxx/CVE-2015-7198.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1188010", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1188010" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3410", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3410" - }, - { - "name" : "DSA-3393", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3393" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:2519", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2519.html" - }, - { - "name" : "RHSA-2015:1982", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1982.html" - }, - { - "name" : "openSUSE-SU-2015:2229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html" - }, - { - "name" : "openSUSE-SU-2015:2245", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html" - }, - { - "name" : "SUSE-SU-2015:1926", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1942", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1978", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html" - }, - { - "name" : "SUSE-SU-2015:1981", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "USN-2819-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2819-1" - }, - { - "name" : "USN-2785-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2785-1" - }, - { - "name" : "77411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77411" - }, - { - "name" : "1034069", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034069", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034069" + }, + { + "name": "DSA-3410", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3410" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "77411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77411" + }, + { + "name": "SUSE-SU-2015:1981", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html" + }, + { + "name": "openSUSE-SU-2015:2229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html" + }, + { + "name": "RHSA-2015:2519", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2519.html" + }, + { + "name": "USN-2785-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2785-1" + }, + { + "name": "SUSE-SU-2015:1926", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "RHSA-2015:1982", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1982.html" + }, + { + "name": "USN-2819-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2819-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-131.html" + }, + { + "name": "openSUSE-SU-2015:1942", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html" + }, + { + "name": "DSA-3393", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3393" + }, + { + "name": "openSUSE-SU-2015:2245", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188010", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188010" + }, + { + "name": "SUSE-SU-2015:1978", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7282.json b/2015/7xxx/CVE-2015-7282.json index 5801912f72c..93c354124a4 100644 --- a/2015/7xxx/CVE-2015-7282.json +++ b/2015/7xxx/CVE-2015-7282.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#167992", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/167992" - }, - { - "name" : "78814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78814" + }, + { + "name": "VU#167992", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/167992" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7708.json b/2015/7xxx/CVE-2015-7708.json index 03ed5d9d2a2..b0ac183dfef 100644 --- a/2015/7xxx/CVE-2015-7708.json +++ b/2015/7xxx/CVE-2015-7708.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150925 Stored XSS in 4images <= v1.7.11", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/95" - }, - { - "name" : "http://packetstormsecurity.com/files/133712/4images-1.7.11-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133712/4images-1.7.11-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133712/4images-1.7.11-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133712/4images-1.7.11-Cross-Site-Scripting.html" + }, + { + "name": "20150925 Stored XSS in 4images <= v1.7.11", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/95" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0479.json b/2016/0xxx/CVE-2016-0479.json index 20be56f3a43..e6257325ae3 100644 --- a/2016/0xxx/CVE-2016-0479.json +++ b/2016/0xxx/CVE-2016-0479.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "1035618", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035618", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035618" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0607.json b/2016/0xxx/CVE-2016-0607.json index dcf7d3630ca..d35d5c7045b 100644 --- a/2016/0xxx/CVE-2016-0607.json +++ b/2016/0xxx/CVE-2016-0607.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "openSUSE-SU-2016:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" - }, - { - "name" : "USN-2881-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2881-1" - }, - { - "name" : "81238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81238" - }, - { - "name" : "1034708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81238" + }, + { + "name": "openSUSE-SU-2016:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" + }, + { + "name": "1034708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034708" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "USN-2881-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2881-1" + }, + { + "name": "openSUSE-SU-2016:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0913.json b/2016/0xxx/CVE-2016-0913.json index 5a8a0120610..a6f2a87d1ae 100644 --- a/2016/0xxx/CVE-2016-0913.json +++ b/2016/0xxx/CVE-2016-0913.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20161004 ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Oct/6" - }, - { - "name" : "93348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93348" - }, - { - "name" : "1036940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036940" + }, + { + "name": "93348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93348" + }, + { + "name": "20161004 ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Oct/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000116.json b/2016/1000xxx/CVE-2016-1000116.json index 2eeec6a3631..269b154dbcb 100644 --- a/2016/1000xxx/CVE-2016-1000116.json +++ b/2016/1000xxx/CVE-2016-1000116.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://huge-it.com/joomla-portfolio-gallery/", - "refsource" : "MISC", - "url" : "http://huge-it.com/joomla-portfolio-gallery/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=165", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=165" - }, - { - "name" : "93821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93821" + }, + { + "name": "http://huge-it.com/joomla-portfolio-gallery/", + "refsource": "MISC", + "url": "http://huge-it.com/joomla-portfolio-gallery/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=165", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=165" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10021.json b/2016/10xxx/CVE-2016-10021.json index 3cabac69258..f0c81dc5d0b 100644 --- a/2016/10xxx/CVE-2016-10021.json +++ b/2016/10xxx/CVE-2016-10021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10021", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-10021", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10532.json b/2016/10xxx/CVE-2016-10532.json index f95f9523c57..5112aab2d50 100644 --- a/2016/10xxx/CVE-2016-10532.json +++ b/2016/10xxx/CVE-2016-10532.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "console-io node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=2.2.13" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "console-io node module", + "version": { + "version_data": [ + { + "version_value": "<=2.2.13" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/90", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/90", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/90" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10708.json b/2016/10xxx/CVE-2016-10708.json index 96d48a25194..0787e1139f0 100644 --- a/2016/10xxx/CVE-2016-10708.json +++ b/2016/10xxx/CVE-2016-10708.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html" - }, - { - "name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" - }, - { - "name" : "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html", - "refsource" : "MISC", - "url" : "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html" - }, - { - "name" : "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737", - "refsource" : "MISC", - "url" : "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737" - }, - { - "name" : "https://www.openssh.com/releasenotes.html", - "refsource" : "MISC", - "url" : "https://www.openssh.com/releasenotes.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180423-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180423-0003/" - }, - { - "name" : "USN-3809-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3809-1/" - }, - { - "name" : "102780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openssh.com/releasenotes.html", + "refsource": "MISC", + "url": "https://www.openssh.com/releasenotes.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180423-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180423-0003/" + }, + { + "name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html" + }, + { + "name": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737", + "refsource": "MISC", + "url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737" + }, + { + "name": "USN-3809-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3809-1/" + }, + { + "name": "102780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102780" + }, + { + "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "name": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html", + "refsource": "MISC", + "url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1239.json b/2016/1xxx/CVE-2016-1239.json index 620048b59dd..69135c7c50f 100644 --- a/2016/1xxx/CVE-2016-1239.json +++ b/2016/1xxx/CVE-2016-1239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1504.json b/2016/1xxx/CVE-2016-1504.json index c501501783f..4d7c052d835 100644 --- a/2016/1xxx/CVE-2016-1504.json +++ b/2016/1xxx/CVE-2016-1504.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160107 CVE id request: dhcpcd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/07/3" - }, - { - "name" : "[oss-security] 20160107 Re: CVE id request: dhcpcd", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/07/4" - }, - { - "name" : "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403", - "refsource" : "CONFIRM", - "url" : "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403" - }, - { - "name" : "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200", - "refsource" : "CONFIRM", - "url" : "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200" - }, - { - "name" : "GLSA-201606-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-07" - }, - { - "name" : "1034601", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160107 CVE id request: dhcpcd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/07/3" + }, + { + "name": "[oss-security] 20160107 Re: CVE id request: dhcpcd", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/07/4" + }, + { + "name": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403", + "refsource": "CONFIRM", + "url": "http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403" + }, + { + "name": "GLSA-201606-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-07" + }, + { + "name": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200", + "refsource": "CONFIRM", + "url": "http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200" + }, + { + "name": "1034601", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034601" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1627.json b/2016/1xxx/CVE-2016-1627.json index 714162e3b68..b5ae1cf4340 100644 --- a/2016/1xxx/CVE-2016-1627.json +++ b/2016/1xxx/CVE-2016-1627.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=571121", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=571121" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=585517", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=585517" - }, - { - "name" : "https://codereview.chromium.org/1586903002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1586903002" - }, - { - "name" : "DSA-3486", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3486" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2016:0241", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0241.html" - }, - { - "name" : "openSUSE-SU-2016:0518", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html" - }, - { - "name" : "openSUSE-SU-2016:0491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html" - }, - { - "name" : "83125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83125" - }, - { - "name" : "1035183", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codereview.chromium.org/1586903002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1586903002" + }, + { + "name": "83125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83125" + }, + { + "name": "1035183", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035183" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=585517", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=585517" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=571121", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=571121" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "openSUSE-SU-2016:0491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html" + }, + { + "name": "openSUSE-SU-2016:0518", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html" + }, + { + "name": "DSA-3486", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3486" + }, + { + "name": "RHSA-2016:0241", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0241.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4138.json b/2016/4xxx/CVE-2016-4138.json index 1cf6b481ed0..486b453e5ee 100644 --- a/2016/4xxx/CVE-2016-4138.json +++ b/2016/4xxx/CVE-2016-4138.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40090", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40090/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" - }, - { - "name" : "MS16-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" - }, - { - "name" : "RHSA-2016:1238", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1238" - }, - { - "name" : "SUSE-SU-2016:1613", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1621", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" - }, - { - "name" : "1036117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036117" + }, + { + "name": "MS16-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" + }, + { + "name": "openSUSE-SU-2016:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" + }, + { + "name": "40090", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40090/" + }, + { + "name": "RHSA-2016:1238", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1238" + }, + { + "name": "openSUSE-SU-2016:1621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" + }, + { + "name": "SUSE-SU-2016:1613", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4152.json b/2016/4xxx/CVE-2016-4152.json index 3634cfc841d..bda70e8e634 100644 --- a/2016/4xxx/CVE-2016-4152.json +++ b/2016/4xxx/CVE-2016-4152.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" - }, - { - "name" : "MS16-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" - }, - { - "name" : "RHSA-2016:1238", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1238" - }, - { - "name" : "SUSE-SU-2016:1613", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" - }, - { - "name" : "openSUSE-SU-2016:1621", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" - }, - { - "name" : "1036117", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036117", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036117" + }, + { + "name": "MS16-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" + }, + { + "name": "openSUSE-SU-2016:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html" + }, + { + "name": "RHSA-2016:1238", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1238" + }, + { + "name": "openSUSE-SU-2016:1621", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html" + }, + { + "name": "SUSE-SU-2016:1613", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4864.json b/2016/4xxx/CVE-2016-4864.json index 6d23ec81b52..db81b848bc5 100644 --- a/2016/4xxx/CVE-2016-4864.json +++ b/2016/4xxx/CVE-2016-4864.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-4864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "H2O", - "version" : { - "version_data" : [ - { - "version_value" : "versions 2.0.3 and earlier" - }, - { - "version_value" : "versions 2.1.0-beta2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Kazuho Oku" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Format String Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "H2O", + "version": { + "version_data": [ + { + "version_value": "versions 2.0.3 and earlier" + }, + { + "version_value": "versions 2.1.0-beta2 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Kazuho Oku" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/h2o/h2o/issues/1077", - "refsource" : "CONFIRM", - "url" : "https://github.com/h2o/h2o/issues/1077" - }, - { - "name" : "JVN#94779084", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN94779084/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Format String Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/h2o/h2o/issues/1077", + "refsource": "CONFIRM", + "url": "https://github.com/h2o/h2o/issues/1077" + }, + { + "name": "JVN#94779084", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN94779084/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/1003xxx/CVE-2019-1003005.json b/2019/1003xxx/CVE-2019-1003005.json index a2cbc759385..5342d32ff23 100644 --- a/2019/1003xxx/CVE-2019-1003005.json +++ b/2019/1003xxx/CVE-2019-1003005.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-02-06T02:59:03.172123", - "ID" : "CVE-2019-1003005", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Script Security Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.50 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-693" - } + "CVE_data_meta": { + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "DATE_ASSIGNED": "2019-02-06T02:59:03.172123", + "ID": "CVE-2019-1003005", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jenkins Script Security Plugin", + "version": { + "version_data": [ + { + "version_value": "1.50 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1292", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1292", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1292" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3266.json b/2019/3xxx/CVE-2019-3266.json index de0492586d5..a2bb2be08af 100644 --- a/2019/3xxx/CVE-2019-3266.json +++ b/2019/3xxx/CVE-2019-3266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3266", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3266", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3281.json b/2019/3xxx/CVE-2019-3281.json index a7bc98b26ec..af29441e868 100644 --- a/2019/3xxx/CVE-2019-3281.json +++ b/2019/3xxx/CVE-2019-3281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3481.json b/2019/3xxx/CVE-2019-3481.json index 177cd42af62..2cadbe6c645 100644 --- a/2019/3xxx/CVE-2019-3481.json +++ b/2019/3xxx/CVE-2019-3481.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3481", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3481", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3811.json b/2019/3xxx/CVE-2019-3811.json index d6492319baa..5a1f1401a86 100644 --- a/2019/3xxx/CVE-2019-3811.json +++ b/2019/3xxx/CVE-2019-3811.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2019-3811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "sssd", - "version" : { - "version_data" : [ - { - "version_value" : "2.1" - } - ] - } - } - ] - }, - "vendor_name" : "The sssd Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.1/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-552" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2019-3811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sssd", + "version": { + "version_data": [ + { + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "The sssd Project" + } ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.1/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", + "version": "3.0" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811" - }, - { - "name" : "106644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106644" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html" + }, + { + "name": "106644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106644" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4192.json b/2019/4xxx/CVE-2019-4192.json index e98bea7c78a..3a479c56ac6 100644 --- a/2019/4xxx/CVE-2019-4192.json +++ b/2019/4xxx/CVE-2019-4192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4198.json b/2019/4xxx/CVE-2019-4198.json index 2ff1c7e6800..2cb13f2d2b5 100644 --- a/2019/4xxx/CVE-2019-4198.json +++ b/2019/4xxx/CVE-2019-4198.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4198", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4198", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4391.json b/2019/4xxx/CVE-2019-4391.json index 72ce5506f35..a992031ae2f 100644 --- a/2019/4xxx/CVE-2019-4391.json +++ b/2019/4xxx/CVE-2019-4391.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4661.json b/2019/4xxx/CVE-2019-4661.json index 70f17d83a0e..10804b71bdf 100644 --- a/2019/4xxx/CVE-2019-4661.json +++ b/2019/4xxx/CVE-2019-4661.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6409.json b/2019/6xxx/CVE-2019-6409.json index 2a797e87e6a..3db13f83dbb 100644 --- a/2019/6xxx/CVE-2019-6409.json +++ b/2019/6xxx/CVE-2019-6409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6496.json b/2019/6xxx/CVE-2019-6496.json index 192bddd19dd..eea565e616a 100644 --- a/2019/6xxx/CVE-2019-6496.json +++ b/2019/6xxx/CVE-2019-6496.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/", - "refsource" : "MISC", - "url" : "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/" - }, - { - "name" : "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/", - "refsource" : "MISC", - "url" : "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/" - }, - { - "name" : "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf", - "refsource" : "MISC", - "url" : "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf" - }, - { - "name" : "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement", - "refsource" : "CONFIRM", - "url" : "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement" - }, - { - "name" : "https://www.synology.com/security/advisory/Synology_SA_19_07", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/security/advisory/Synology_SA_19_07" - }, - { - "name" : "VU#730261", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/730261/" - }, - { - "name" : "106865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement", + "refsource": "CONFIRM", + "url": "https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement" + }, + { + "name": "106865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106865" + }, + { + "name": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf", + "refsource": "MISC", + "url": "https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf" + }, + { + "name": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/", + "refsource": "MISC", + "url": "https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/" + }, + { + "name": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/", + "refsource": "MISC", + "url": "https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/" + }, + { + "name": "https://www.synology.com/security/advisory/Synology_SA_19_07", + "refsource": "CONFIRM", + "url": "https://www.synology.com/security/advisory/Synology_SA_19_07" + }, + { + "name": "VU#730261", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/730261/" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7095.json b/2019/7xxx/CVE-2019-7095.json index 72517a2bb11..be125e2daa2 100644 --- a/2019/7xxx/CVE-2019-7095.json +++ b/2019/7xxx/CVE-2019-7095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7095", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7095", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7437.json b/2019/7xxx/CVE-2019-7437.json index 683c7890c2b..25e77100ae7 100644 --- a/2019/7xxx/CVE-2019-7437.json +++ b/2019/7xxx/CVE-2019-7437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7469.json b/2019/7xxx/CVE-2019-7469.json index b8e52aaf615..d96f99a0898 100644 --- a/2019/7xxx/CVE-2019-7469.json +++ b/2019/7xxx/CVE-2019-7469.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7469", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7469", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7551.json b/2019/7xxx/CVE-2019-7551.json index f4ef2b2c61b..450a4ce4a8c 100644 --- a/2019/7xxx/CVE-2019-7551.json +++ b/2019/7xxx/CVE-2019-7551.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7551", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7551", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8036.json b/2019/8xxx/CVE-2019-8036.json index c46608768be..0cb797f80c0 100644 --- a/2019/8xxx/CVE-2019-8036.json +++ b/2019/8xxx/CVE-2019-8036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8036", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8036", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8771.json b/2019/8xxx/CVE-2019-8771.json index 3f8d0857fb5..c3f3776d08e 100644 --- a/2019/8xxx/CVE-2019-8771.json +++ b/2019/8xxx/CVE-2019-8771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8804.json b/2019/8xxx/CVE-2019-8804.json index 47ba941fe7f..4fba1fb9e38 100644 --- a/2019/8xxx/CVE-2019-8804.json +++ b/2019/8xxx/CVE-2019-8804.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8804", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8804", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9196.json b/2019/9xxx/CVE-2019-9196.json index fd46072ef75..2bd386c9d48 100644 --- a/2019/9xxx/CVE-2019-9196.json +++ b/2019/9xxx/CVE-2019-9196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9218.json b/2019/9xxx/CVE-2019-9218.json index d6930b5e193..e3f1ab059f8 100644 --- a/2019/9xxx/CVE-2019-9218.json +++ b/2019/9xxx/CVE-2019-9218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9656.json b/2019/9xxx/CVE-2019-9656.json index 444b61df459..3fe9848af33 100644 --- a/2019/9xxx/CVE-2019-9656.json +++ b/2019/9xxx/CVE-2019-9656.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/libofx", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/libofx" - }, - { - "name" : "https://github.com/libofx/libofx/issues/22", - "refsource" : "MISC", - "url" : "https://github.com/libofx/libofx/issues/22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/libofx", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/libofx" + }, + { + "name": "https://github.com/libofx/libofx/issues/22", + "refsource": "MISC", + "url": "https://github.com/libofx/libofx/issues/22" + } + ] + } +} \ No newline at end of file