diff --git a/2007/0xxx/CVE-2007-0410.json b/2007/0xxx/CVE-2007-0410.json index e76c26b99bc..35b632b154c 100644 --- a/2007/0xxx/CVE-2007-0410.json +++ b/2007/0xxx/CVE-2007-0410.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified \"sequences of events.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA07-137.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/204" - }, - { - "name" : "22082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22082" - }, - { - "name" : "ADV-2007-0213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0213" - }, - { - "name" : "38502", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38502" - }, - { - "name" : "1017525", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017525" - }, - { - "name" : "23750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified \"sequences of events.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA07-137.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/204" + }, + { + "name": "1017525", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017525" + }, + { + "name": "23750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23750" + }, + { + "name": "22082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22082" + }, + { + "name": "38502", + "refsource": "OSVDB", + "url": "http://osvdb.org/38502" + }, + { + "name": "ADV-2007-0213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0213" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0814.json b/2007/0xxx/CVE-2007-0814.json index 5bb6b05f1d3..97a6a1fe160 100644 --- a/2007/0xxx/CVE-2007-0814.json +++ b/2007/0xxx/CVE-2007-0814.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070203 Adrenalin's ASP Chat XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459144/100/0/threaded" - }, - { - "name" : "http://forums.avenir-geopolitique.net/viewtopic.php?t=2620", - "refsource" : "MISC", - "url" : "http://forums.avenir-geopolitique.net/viewtopic.php?t=2620" - }, - { - "name" : "22392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22392" - }, - { - "name" : "33654", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33654" - }, - { - "name" : "2233", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2233" - }, - { - "name" : "adrenalin-unspecified-script-xss(32203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070203 Adrenalin's ASP Chat XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459144/100/0/threaded" + }, + { + "name": "2233", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2233" + }, + { + "name": "33654", + "refsource": "OSVDB", + "url": "http://osvdb.org/33654" + }, + { + "name": "22392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22392" + }, + { + "name": "adrenalin-unspecified-script-xss(32203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32203" + }, + { + "name": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2620", + "refsource": "MISC", + "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2620" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0995.json b/2007/0xxx/CVE-2007-0995.json index 84314b3997c..c1615cdeb11 100644 --- a/2007/0xxx/CVE-2007-0995.json +++ b/2007/0xxx/CVE-2007-0995.json @@ -1,312 +1,312 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-0995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070226 rPSA-2007-0040-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461336/100/0/threaded" - }, - { - "name" : "20070303 rPSA-2007-0040-3 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461809/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" - }, - { - "name" : "http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1081", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1081" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1103", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1103" - }, - { - "name" : "DSA-1336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1336" - }, - { - "name" : "FEDORA-2007-281", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2713" - }, - { - "name" : "FEDORA-2007-293", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2728" - }, - { - "name" : "GLSA-200703-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200703-04.xml" - }, - { - "name" : "GLSA-200703-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:050", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" - }, - { - "name" : "RHSA-2007:0079", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0079.html" - }, - { - "name" : "RHSA-2007:0077", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0077.html" - }, - { - "name" : "RHSA-2007:0078", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0078.html" - }, - { - "name" : "RHSA-2007:0097", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0097.html" - }, - { - "name" : "RHSA-2007:0108", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0108.html" - }, - { - "name" : "20070301-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" - }, - { - "name" : "20070202-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" - }, - { - "name" : "SSA:2007-066-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851" - }, - { - "name" : "SSA:2007-066-05", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131" - }, - { - "name" : "SUSE-SA:2007:019", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" - }, - { - "name" : "SUSE-SA:2007:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" - }, - { - "name" : "USN-428-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-428-1" - }, - { - "name" : "22694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22694" - }, - { - "name" : "oval:org.mitre.oval:def:10164", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164" - }, - { - "name" : "ADV-2007-0718", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0718" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "32111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32111" - }, - { - "name" : "32112", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32112" - }, - { - "name" : "1017702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017702" - }, - { - "name" : "24238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24238" - }, - { - "name" : "24287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24287" - }, - { - "name" : "24290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24290" - }, - { - "name" : "24205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24205" - }, - { - "name" : "24328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24328" - }, - { - "name" : "24333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24333" - }, - { - "name" : "24343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24343" - }, - { - "name" : "24320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24320" - }, - { - "name" : "24293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24293" - }, - { - "name" : "24393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24393" - }, - { - "name" : "24395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24395" - }, - { - "name" : "24384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24384" - }, - { - "name" : "24437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24437" - }, - { - "name" : "24650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24650" - }, - { - "name" : "24455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24455" - }, - { - "name" : "24457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24457" - }, - { - "name" : "24342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24342" - }, - { - "name" : "25588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:0078", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html" + }, + { + "name": "24395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24395" + }, + { + "name": "20070226 rPSA-2007-0040-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded" + }, + { + "name": "24328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24328" + }, + { + "name": "RHSA-2007:0108", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html" + }, + { + "name": "GLSA-200703-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml" + }, + { + "name": "GLSA-200703-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml" + }, + { + "name": "SSA:2007-066-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851" + }, + { + "name": "24384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24384" + }, + { + "name": "24457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24457" + }, + { + "name": "http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2", + "refsource": "MISC", + "url": "http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2" + }, + { + "name": "24343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24343" + }, + { + "name": "DSA-1336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1336" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html" + }, + { + "name": "ADV-2007-0718", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0718" + }, + { + "name": "24650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24650" + }, + { + "name": "32111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32111" + }, + { + "name": "USN-428-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-428-1" + }, + { + "name": "oval:org.mitre.oval:def:10164", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164" + }, + { + "name": "24320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24320" + }, + { + "name": "25588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25588" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1103", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1103" + }, + { + "name": "SUSE-SA:2007:019", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "20070303 rPSA-2007-0040-3 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded" + }, + { + "name": "SUSE-SA:2007:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html" + }, + { + "name": "24293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24293" + }, + { + "name": "24238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24238" + }, + { + "name": "24393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24393" + }, + { + "name": "24342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24342" + }, + { + "name": "24287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24287" + }, + { + "name": "22694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22694" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "FEDORA-2007-281", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2713" + }, + { + "name": "RHSA-2007:0097", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html" + }, + { + "name": "1017702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017702" + }, + { + "name": "FEDORA-2007-293", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2728" + }, + { + "name": "20070301-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc" + }, + { + "name": "24205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24205" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1081", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1081" + }, + { + "name": "24333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24333" + }, + { + "name": "MDKSA-2007:050", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050" + }, + { + "name": "24290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24290" + }, + { + "name": "24455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24455" + }, + { + "name": "RHSA-2007:0077", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html" + }, + { + "name": "20070202-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc" + }, + { + "name": "32112", + "refsource": "OSVDB", + "url": "http://osvdb.org/32112" + }, + { + "name": "SSA:2007-066-05", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131" + }, + { + "name": "RHSA-2007:0079", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html" + }, + { + "name": "24437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24437" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1049.json b/2007/1xxx/CVE-2007-1049.json index 36f619f4dfa..42968594553 100644 --- a/2007/1xxx/CVE-2007-1049.json +++ b/2007/1xxx/CVE-2007-1049.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html" - }, - { - "name" : "http://trac.wordpress.org/changeset/4876", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/changeset/4876" - }, - { - "name" : "http://trac.wordpress.org/changeset/4877", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/changeset/4877" - }, - { - "name" : "http://trac.wordpress.org/ticket/3781", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/ticket/3781" - }, - { - "name" : "GLSA-200703-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml" - }, - { - "name" : "22534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22534" - }, - { - "name" : "ADV-2007-0741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0741" - }, - { - "name" : "33766", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33766" - }, - { - "name" : "24306", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24306" - }, - { - "name" : "24566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.wordpress.org/changeset/4876", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/changeset/4876" + }, + { + "name": "24306", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24306" + }, + { + "name": "http://trac.wordpress.org/changeset/4877", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/changeset/4877" + }, + { + "name": "ADV-2007-0741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0741" + }, + { + "name": "33766", + "refsource": "OSVDB", + "url": "http://osvdb.org/33766" + }, + { + "name": "22534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22534" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html" + }, + { + "name": "24566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24566" + }, + { + "name": "GLSA-200703-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml" + }, + { + "name": "http://trac.wordpress.org/ticket/3781", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/ticket/3781" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1583.json b/2007/1xxx/CVE-2007-1583.json index 49aac53dd12..0f9a4392352 100644 --- a/2007/1xxx/CVE-2007-1583.json +++ b/2007/1xxx/CVE-2007-1583.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466166/100/0/threaded" - }, - { - "name" : "http://www.php-security.org/MOPB/MOPB-26-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/MOPB-26-2007.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1268", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1268" - }, - { - "name" : "http://us2.php.net/releases/4_4_7.php", - "refsource" : "CONFIRM", - "url" : "http://us2.php.net/releases/4_4_7.php" - }, - { - "name" : "http://us2.php.net/releases/5_2_2.php", - "refsource" : "CONFIRM", - "url" : "http://us2.php.net/releases/5_2_2.php" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "DSA-1283", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1283" - }, - { - "name" : "GLSA-200705-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-19.xml" - }, - { - "name" : "MDKSA-2007:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088" - }, - { - "name" : "MDKSA-2007:089", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089" - }, - { - "name" : "MDKSA-2007:090", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090" - }, - { - "name" : "RHSA-2007:0155", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0155.html" - }, - { - "name" : "RHSA-2007:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0153.html" - }, - { - "name" : "RHSA-2007:0162", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0162.html" - }, - { - "name" : "SUSE-SA:2007:032", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_32_php.html" - }, - { - "name" : "USN-455-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-455-1" - }, - { - "name" : "23016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23016" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "oval:org.mitre.oval:def:10245", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "24924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24924" - }, - { - "name" : "24965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24965" - }, - { - "name" : "24945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24945" - }, - { - "name" : "25062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25062" - }, - { - "name" : "25057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25057" - }, - { - "name" : "24909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24909" - }, - { - "name" : "25056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25056" - }, - { - "name" : "25445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25445" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "25056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25056" + }, + { + "name": "DSA-1283", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1283" + }, + { + "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "GLSA-200705-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" + }, + { + "name": "oval:org.mitre.oval:def:10245", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245" + }, + { + "name": "RHSA-2007:0162", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html" + }, + { + "name": "23016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23016" + }, + { + "name": "http://us2.php.net/releases/4_4_7.php", + "refsource": "CONFIRM", + "url": "http://us2.php.net/releases/4_4_7.php" + }, + { + "name": "25062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25062" + }, + { + "name": "MDKSA-2007:090", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090" + }, + { + "name": "USN-455-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-455-1" + }, + { + "name": "24909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24909" + }, + { + "name": "24945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24945" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1268", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1268" + }, + { + "name": "http://us2.php.net/releases/5_2_2.php", + "refsource": "CONFIRM", + "url": "http://us2.php.net/releases/5_2_2.php" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "24924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24924" + }, + { + "name": "RHSA-2007:0155", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html" + }, + { + "name": "24965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24965" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "MDKSA-2007:089", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089" + }, + { + "name": "25445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25445" + }, + { + "name": "http://www.php-security.org/MOPB/MOPB-26-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/MOPB-26-2007.html" + }, + { + "name": "25057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25057" + }, + { + "name": "SUSE-SA:2007:032", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" + }, + { + "name": "MDKSA-2007:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + }, + { + "name": "RHSA-2007:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0153.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1894.json b/2007/1xxx/CVE-2007-1894.json index 2eece6c7427..45378a03da8 100644 --- a/2007/1xxx/CVE-2007-1894.json +++ b/2007/1xxx/CVE-2007-1894.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070309 WordPress XSS under function wp_title()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462374/100/0/threaded" - }, - { - "name" : "http://chxsecurity.org/advisories/adv-1-mid.txt", - "refsource" : "MISC", - "url" : "http://chxsecurity.org/advisories/adv-1-mid.txt" - }, - { - "name" : "http://trac.wordpress.org/changeset/5003", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/changeset/5003" - }, - { - "name" : "http://trac.wordpress.org/ticket/4093", - "refsource" : "CONFIRM", - "url" : "http://trac.wordpress.org/ticket/4093" - }, - { - "name" : "DSA-1285", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1285" - }, - { - "name" : "22902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22902" - }, - { - "name" : "24485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24485" - }, - { - "name" : "25108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25108" - }, - { - "name" : "2526", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24485" + }, + { + "name": "22902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22902" + }, + { + "name": "http://trac.wordpress.org/changeset/5003", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/changeset/5003" + }, + { + "name": "25108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25108" + }, + { + "name": "20070309 WordPress XSS under function wp_title()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462374/100/0/threaded" + }, + { + "name": "http://trac.wordpress.org/ticket/4093", + "refsource": "CONFIRM", + "url": "http://trac.wordpress.org/ticket/4093" + }, + { + "name": "2526", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2526" + }, + { + "name": "DSA-1285", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1285" + }, + { + "name": "http://chxsecurity.org/advisories/adv-1-mid.txt", + "refsource": "MISC", + "url": "http://chxsecurity.org/advisories/adv-1-mid.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4177.json b/2007/4xxx/CVE-2007-4177.json index 0a869675ea9..19d0ece07ef 100644 --- a/2007/4xxx/CVE-2007-4177.json +++ b/2007/4xxx/CVE-2007-4177.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259&r2=1.260", - "refsource" : "MISC", - "url" : "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259&r2=1.260" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=528858&group_id=69681", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=528858&group_id=69681" - }, - { - "name" : "25173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25173" - }, - { - "name" : "36440", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36440" - }, - { - "name" : "26304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26304" - }, - { - "name" : "interact-unspecified-xss(35765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36440", + "refsource": "OSVDB", + "url": "http://osvdb.org/36440" + }, + { + "name": "interact-unspecified-xss(35765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765" + }, + { + "name": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259&r2=1.260", + "refsource": "MISC", + "url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259&r2=1.260" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=528858&group_id=69681", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=528858&group_id=69681" + }, + { + "name": "25173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25173" + }, + { + "name": "26304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26304" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4222.json b/2007/4xxx/CVE-2007-4222.json index 78bf7758420..d0cdee3483b 100644 --- a/2007/4xxx/CVE-2007-4222.json +++ b/2007/4xxx/CVE-2007-4222.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071023 IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930" - }, - { - "name" : "26200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26200" - }, - { - "name" : "1018857", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018857" - }, - { - "name" : "notes-html-bo(37363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930" + }, + { + "name": "26200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26200" + }, + { + "name": "1018857", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018857" + }, + { + "name": "notes-html-bo(37363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37363" + }, + { + "name": "20071023 IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4228.json b/2007/4xxx/CVE-2007-4228.json index b932581cd52..5efb3c72607 100644 --- a/2007/4xxx/CVE-2007-4228.json +++ b/2007/4xxx/CVE-2007-4228.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY93393", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY93393" - }, - { - "name" : "25217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25217" - }, - { - "name" : "ADV-2007-2796", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2796" - }, - { - "name" : "36788", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36788" - }, - { - "name" : "1018522", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018522" - }, - { - "name" : "26349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26349" - }, - { - "name" : "aix-rmpvc-dos(35845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25217" + }, + { + "name": "26349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26349" + }, + { + "name": "ADV-2007-2796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2796" + }, + { + "name": "IY93393", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY93393" + }, + { + "name": "1018522", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018522" + }, + { + "name": "36788", + "refsource": "OSVDB", + "url": "http://osvdb.org/36788" + }, + { + "name": "aix-rmpvc-dos(35845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35845" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4375.json b/2007/4xxx/CVE-2007-4375.json index 9bdbcf2d01b..bf98a85e6b4 100644 --- a/2007/4xxx/CVE-2007-4375.json +++ b/2007/4xxx/CVE-2007-4375.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070816 Remote Memory Read in Diskeeper 9 - 2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476954/100/0/threaded" - }, - { - "name" : "20070814 Remote Memory Read in Diskeeper 9 - 2007", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html" - }, - { - "name" : "25320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25320" - }, - { - "name" : "39546", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39546" - }, - { - "name" : "39547", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39547" - }, - { - "name" : "26431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26431" - }, - { - "name" : "3018", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3018" - }, - { - "name" : "diskeeper-dkservice-dos(36007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36007" - }, - { - "name" : "diskeeper-dkservice-information-disclosure(36008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25320" + }, + { + "name": "diskeeper-dkservice-information-disclosure(36008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36008" + }, + { + "name": "39546", + "refsource": "OSVDB", + "url": "http://osvdb.org/39546" + }, + { + "name": "39547", + "refsource": "OSVDB", + "url": "http://osvdb.org/39547" + }, + { + "name": "20070814 Remote Memory Read in Diskeeper 9 - 2007", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html" + }, + { + "name": "diskeeper-dkservice-dos(36007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36007" + }, + { + "name": "26431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26431" + }, + { + "name": "20070816 Remote Memory Read in Diskeeper 9 - 2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476954/100/0/threaded" + }, + { + "name": "3018", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3018" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4974.json b/2007/4xxx/CVE-2007-4974.json index c5ab83ed064..a8ec59ea9fc 100644 --- a/2007/4xxx/CVE-2007-4974.json +++ b/2007/4xxx/CVE-2007-4974.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=192834", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=192834" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=296221", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=296221" - }, - { - "name" : "DSA-1442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1442" - }, - { - "name" : "FEDORA-2007-2236", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00344.html" - }, - { - "name" : "GLSA-200710-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-04.xml" - }, - { - "name" : "MDKSA-2007:191", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:191" - }, - { - "name" : "SUSE-SR:2008:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" - }, - { - "name" : "USN-525-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-525-1" - }, - { - "name" : "25758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25758" - }, - { - "name" : "ADV-2007-3241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3241" - }, - { - "name" : "26932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26932" - }, - { - "name" : "26921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26921" - }, - { - "name" : "27018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27018" - }, - { - "name" : "27100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27100" - }, - { - "name" : "27071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27071" - }, - { - "name" : "28265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28265" - }, - { - "name" : "28412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28412" + }, + { + "name": "GLSA-200710-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-04.xml" + }, + { + "name": "27100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27100" + }, + { + "name": "25758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25758" + }, + { + "name": "FEDORA-2007-2236", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00344.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=296221", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=296221" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=192834", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=192834" + }, + { + "name": "ADV-2007-3241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3241" + }, + { + "name": "28265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28265" + }, + { + "name": "MDKSA-2007:191", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:191" + }, + { + "name": "USN-525-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-525-1" + }, + { + "name": "27018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27018" + }, + { + "name": "DSA-1442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1442" + }, + { + "name": "27071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27071" + }, + { + "name": "26921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26921" + }, + { + "name": "SUSE-SR:2008:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" + }, + { + "name": "26932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26932" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4995.json b/2007/4xxx/CVE-2007-4995.json index 47d28e51c3e..4a76b90b3b3 100644 --- a/2007/4xxx/CVE-2007-4995.json +++ b/2007/4xxx/CVE-2007-4995.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-4995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071012 OpenSSL Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482167/100/0/threaded" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962", - "refsource" : "MISC", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962" - }, - { - "name" : "http://www.openssl.org/news/secadv_20071012.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20071012.txt" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=195634", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=195634" - }, - { - "name" : "DSA-1571", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1571" - }, - { - "name" : "FEDORA-2007-725", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html" - }, - { - "name" : "GLSA-200710-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-30.xml" - }, - { - "name" : "GLSA-200805-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" - }, - { - "name" : "HPSBUX02296", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773" - }, - { - "name" : "SSRT071504", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773" - }, - { - "name" : "MDKSA-2007:237", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:237" - }, - { - "name" : "RHSA-2007:0964", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0964.html" - }, - { - "name" : "SUSE-SR:2007:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html" - }, - { - "name" : "USN-534-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/534-1/" - }, - { - "name" : "26055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26055" - }, - { - "name" : "oval:org.mitre.oval:def:10288", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288" - }, - { - "name" : "30852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30852" - }, - { - "name" : "ADV-2007-3487", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3487" - }, - { - "name" : "ADV-2007-4219", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4219" - }, - { - "name" : "1018810", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018810" - }, - { - "name" : "25878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25878" - }, - { - "name" : "27205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27205" - }, - { - "name" : "27217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27217" - }, - { - "name" : "27271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27271" - }, - { - "name" : "27363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27363" - }, - { - "name" : "27434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27434" - }, - { - "name" : "27933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27933" - }, - { - "name" : "28084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28084" - }, - { - "name" : "30161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30161" - }, - { - "name" : "30220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30220" - }, - { - "name" : "ADV-2008-1937", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1937/references" - }, - { - "name" : "openssl-dtls-code-execution(37185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962", + "refsource": "MISC", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962" + }, + { + "name": "20071012 OpenSSL Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482167/100/0/threaded" + }, + { + "name": "28084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28084" + }, + { + "name": "27271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27271" + }, + { + "name": "27363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27363" + }, + { + "name": "30852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30852" + }, + { + "name": "DSA-1571", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1571" + }, + { + "name": "27205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27205" + }, + { + "name": "openssl-dtls-code-execution(37185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37185" + }, + { + "name": "26055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26055" + }, + { + "name": "FEDORA-2007-725", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html" + }, + { + "name": "GLSA-200710-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-30.xml" + }, + { + "name": "30220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30220" + }, + { + "name": "MDKSA-2007:237", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:237" + }, + { + "name": "ADV-2007-4219", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4219" + }, + { + "name": "HPSBUX02296", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773" + }, + { + "name": "SSRT071504", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773" + }, + { + "name": "oval:org.mitre.oval:def:10288", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288" + }, + { + "name": "27217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27217" + }, + { + "name": "RHSA-2007:0964", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=195634", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=195634" + }, + { + "name": "30161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30161" + }, + { + "name": "GLSA-200805-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" + }, + { + "name": "27434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27434" + }, + { + "name": "SUSE-SR:2007:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html" + }, + { + "name": "ADV-2007-3487", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3487" + }, + { + "name": "http://www.openssl.org/news/secadv_20071012.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20071012.txt" + }, + { + "name": "25878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25878" + }, + { + "name": "1018810", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018810" + }, + { + "name": "ADV-2008-1937", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1937/references" + }, + { + "name": "USN-534-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/534-1/" + }, + { + "name": "27933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27933" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5353.json b/2007/5xxx/CVE-2007-5353.json index 582131214cd..63bcd0a072b 100644 --- a/2007/5xxx/CVE-2007-5353.json +++ b/2007/5xxx/CVE-2007-5353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5353", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-5353", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5544.json b/2007/5xxx/CVE-2007-5544.json index 69f1e01fa01..08b3094e957 100644 --- a/2007/5xxx/CVE-2007-5544.json +++ b/2007/5xxx/CVE-2007-5544.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257030", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21257030" - }, - { - "name" : "26146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26146" - }, - { - "name" : "ADV-2007-3598", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3598" - }, - { - "name" : "27321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt" + }, + { + "name": "26146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26146" + }, + { + "name": "ADV-2007-3598", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3598" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030" + }, + { + "name": "27321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27321" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2012.json b/2015/2xxx/CVE-2015-2012.json index 99bf3c4a1ee..cf47266485f 100644 --- a/2015/2xxx/CVE-2015-2012.json +++ b/2015/2xxx/CVE-2015-2012.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-2012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968399" - }, - { - "name" : "IT09866", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866" - }, - { - "name" : "1034943", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT09866", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT09866" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968399", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968399" + }, + { + "name": "1034943", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034943" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2569.json b/2015/2xxx/CVE-2015-2569.json index dacc5b3aa6a..eb35eb4dcbe 100644 --- a/2015/2xxx/CVE-2015-2569.json +++ b/2015/2xxx/CVE-2015-2569.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2569", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2569", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2850.json b/2015/2xxx/CVE-2015-2850.json index 3ae040d6c4e..94a6e4c9003 100644 --- a/2015/2xxx/CVE-2015-2850.json +++ b/2015/2xxx/CVE-2015-2850.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#485324", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/485324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#485324", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/485324" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3092.json b/2015/3xxx/CVE-2015-3092.json index 60f704ae5f9..5c645ee4075 100644 --- a/2015/3xxx/CVE-2015-3092.json +++ b/2015/3xxx/CVE-2015-3092.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html" - }, - { - "name" : "GLSA-201505-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201505-02" - }, - { - "name" : "RHSA-2015:1005", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1005.html" - }, - { - "name" : "SUSE-SU-2015:0878", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0890", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0914", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html" - }, - { - "name" : "74617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74617" - }, - { - "name" : "1032285", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032285", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032285" + }, + { + "name": "SUSE-SU-2015:0878", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html" + }, + { + "name": "openSUSE-SU-2015:0890", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html" + }, + { + "name": "74617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74617" + }, + { + "name": "GLSA-201505-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201505-02" + }, + { + "name": "openSUSE-SU-2015:0914", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html" + }, + { + "name": "RHSA-2015:1005", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1005.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3449.json b/2015/3xxx/CVE-2015-3449.json index fd8d77136bf..5efa4a0db9b 100644 --- a/2015/3xxx/CVE-2015-3449.json +++ b/2015/3xxx/CVE-2015-3449.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150713 CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/60" - }, - { - "name" : "http://packetstormsecurity.com/files/132681/SAP-Afaria-XeService.exe-7.0.6398.0-Weak-File-Permissions.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132681/SAP-Afaria-XeService.exe-7.0.6398.0-Weak-File-Permissions.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3449/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3449/" - }, - { - "name" : "75725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150713 CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/60" + }, + { + "name": "http://packetstormsecurity.com/files/132681/SAP-Afaria-XeService.exe-7.0.6398.0-Weak-File-Permissions.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132681/SAP-Afaria-XeService.exe-7.0.6398.0-Weak-File-Permissions.html" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3449/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3449/" + }, + { + "name": "75725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75725" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3452.json b/2015/3xxx/CVE-2015-3452.json index d89e28c2159..4876d95fbf4 100644 --- a/2015/3xxx/CVE-2015-3452.json +++ b/2015/3xxx/CVE-2015-3452.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3452", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3452", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6051.json b/2015/6xxx/CVE-2015-6051.json index 53fcd09511b..f445413b4bb 100644 --- a/2015/6xxx/CVE-2015-6051.json +++ b/2015/6xxx/CVE-2015-6051.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-545", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-545" - }, - { - "name" : "MS15-106", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106" - }, - { - "name" : "76991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76991" - }, - { - "name" : "1033800", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76991" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-545", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-545" + }, + { + "name": "1033800", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033800" + }, + { + "name": "MS15-106", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6406.json b/2015/6xxx/CVE-2015-6406.json index d9bc3119a0a..70b234058ad 100644 --- a/2015/6xxx/CVE-2015-6406.json +++ b/2015/6xxx/CVE-2015-6406.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151210 Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert" - }, - { - "name" : "78816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78816" - }, - { - "name" : "1034384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034384" + }, + { + "name": "78816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78816" + }, + { + "name": "20151210 Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6479.json b/2015/6xxx/CVE-2015-6479.json index cd811951017..8d305d103a9 100644 --- a/2015/6xxx/CVE-2015-6479.json +++ b/2015/6xxx/CVE-2015-6479.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-6479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6820.json b/2015/6xxx/CVE-2015-6820.json index 36c3ea56e29..2c3846d5b7a 100644 --- a/2015/6xxx/CVE-2015-6820.json +++ b/2015/6xxx/CVE-2015-6820.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "USN-2944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2944-1" - }, - { - "name" : "1033483", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3" + }, + { + "name": "USN-2944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2944-1" + }, + { + "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" + }, + { + "name": "1033483", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033483" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7014.json b/2015/7xxx/CVE-2015-7014.json index 3658c71da01..e0d2887ad84 100644 --- a/2015/7xxx/CVE-2015-7014.json +++ b/2015/7xxx/CVE-2015-7014.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205370", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205370" - }, - { - "name" : "https://support.apple.com/HT205372", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205372" - }, - { - "name" : "https://support.apple.com/HT205377", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205377" - }, - { - "name" : "APPLE-SA-2015-10-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-10-21-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-10-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:0761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" - }, - { - "name" : "77267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77267" - }, - { - "name" : "1033929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" + }, + { + "name": "77267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77267" + }, + { + "name": "https://support.apple.com/HT205370", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205370" + }, + { + "name": "openSUSE-SU-2016:0761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" + }, + { + "name": "https://support.apple.com/HT205372", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205372" + }, + { + "name": "APPLE-SA-2015-10-21-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" + }, + { + "name": "APPLE-SA-2015-10-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" + }, + { + "name": "https://support.apple.com/HT205377", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205377" + }, + { + "name": "1033929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033929" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7015.json b/2015/7xxx/CVE-2015-7015.json index b5245dc75db..b738afcd2b4 100644 --- a/2015/7xxx/CVE-2015-7015.json +++ b/2015/7xxx/CVE-2015-7015.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205370", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205370" - }, - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "https://support.apple.com/HT205378", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205378" - }, - { - "name" : "APPLE-SA-2015-10-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-10-21-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - }, - { - "name" : "1033929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "APPLE-SA-2015-10-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + }, + { + "name": "APPLE-SA-2015-10-21-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html" + }, + { + "name": "https://support.apple.com/HT205370", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205370" + }, + { + "name": "https://support.apple.com/HT205378", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205378" + }, + { + "name": "1033929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033929" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7179.json b/2015/7xxx/CVE-2015-7179.json index 185ef673e98..9f8d7c9a6f9 100644 --- a/2015/7xxx/CVE-2015-7179.json +++ b/2015/7xxx/CVE-2015-7179.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1190526", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1190526" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:1679", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "76816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76816" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190526", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190526" + }, + { + "name": "76816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76816" + }, + { + "name": "openSUSE-SU-2015:1679", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7249.json b/2015/7xxx/CVE-2015-7249.json index 2225c99f119..cf35e7f8e64 100644 --- a/2015/7xxx/CVE-2015-7249.json +++ b/2015/7xxx/CVE-2015-7249.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38773/" - }, - { - "name" : "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA", - "refsource" : "CONFIRM", - "url" : "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA" - }, - { - "name" : "VU#391604", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/391604" - }, - { - "name" : "77421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77421" + }, + { + "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA", + "refsource": "CONFIRM", + "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA" + }, + { + "name": "VU#391604", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/391604" + }, + { + "name": "38773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38773/" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7518.json b/2015/7xxx/CVE-2015-7518.json index ac1ffbf7712..3a9c2147b21 100644 --- a/2015/7xxx/CVE-2015-7518.json +++ b/2015/7xxx/CVE-2015-7518.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-7518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151209 CVE-2015-7518: Foreman stored XSS in parameter information popup", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/09/6" - }, - { - "name" : "http://projects.theforeman.org/issues/12611", - "refsource" : "CONFIRM", - "url" : "http://projects.theforeman.org/issues/12611" - }, - { - "name" : "http://theforeman.org/security.html#2015-7518", - "refsource" : "CONFIRM", - "url" : "http://theforeman.org/security.html#2015-7518" - }, - { - "name" : "RHSA-2016:0174", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0174", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0174" + }, + { + "name": "[oss-security] 20151209 CVE-2015-7518: Foreman stored XSS in parameter information popup", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/09/6" + }, + { + "name": "http://projects.theforeman.org/issues/12611", + "refsource": "CONFIRM", + "url": "http://projects.theforeman.org/issues/12611" + }, + { + "name": "http://theforeman.org/security.html#2015-7518", + "refsource": "CONFIRM", + "url": "http://theforeman.org/security.html#2015-7518" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7751.json b/2015/7xxx/CVE-2015-7751.json index 7339a450f7d..70fa3336a50 100644 --- a/2015/7xxx/CVE-2015-7751.json +++ b/2015/7xxx/CVE-2015-7751.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is \"corrupted,\" which allows local users to gain root privileges by modifying the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707" - }, - { - "name" : "1033817", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is \"corrupted,\" which allows local users to gain root privileges by modifying the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033817", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033817" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10707" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7915.json b/2015/7xxx/CVE-2015-7915.json index b9e5ef3c2d7..6d766453c75 100644 --- a/2015/7xxx/CVE-2015-7915.json +++ b/2015/7xxx/CVE-2015-7915.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-7915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160203 Sauter ModuWEB Vision SCADA vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Feb/25" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160203 Sauter ModuWEB Vision SCADA vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Feb/25" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0018.json b/2016/0xxx/CVE-2016-0018.json index 6f472376b7d..4b25b2b724c 100644 --- a/2016/0xxx/CVE-2016-0018.json +++ b/2016/0xxx/CVE-2016-0018.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka \"DLL Loading Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-007", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007" - }, - { - "name" : "1034661", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka \"DLL Loading Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-007", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007" + }, + { + "name": "1034661", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034661" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0266.json b/2016/0xxx/CVE-2016-0266.json index 2ecfdaf8334..e2f727417f1 100644 --- a/2016/0xxx/CVE-2016-0266.json +++ b/2016/0xxx/CVE-2016-0266.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc", - "refsource" : "CONFIRM", - "url" : "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc" - }, - { - "name" : "IV86116", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116" - }, - { - "name" : "IV86117", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117" - }, - { - "name" : "IV86118", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118" - }, - { - "name" : "IV86119", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119" - }, - { - "name" : "IV86120", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120" - }, - { - "name" : "IV86132", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132" - }, - { - "name" : "92150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92150" - }, - { - "name" : "1036467", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92150" + }, + { + "name": "IV86117", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117" + }, + { + "name": "1036467", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036467" + }, + { + "name": "IV86132", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132" + }, + { + "name": "IV86118", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118" + }, + { + "name": "IV86116", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116" + }, + { + "name": "IV86119", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119" + }, + { + "name": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc", + "refsource": "CONFIRM", + "url": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc" + }, + { + "name": "IV86120", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0430.json b/2016/0xxx/CVE-2016-0430.json index e17a782c8bd..b4401b4877e 100644 --- a/2016/0xxx/CVE-2016-0430.json +++ b/2016/0xxx/CVE-2016-0430.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034711", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034711", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034711" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0497.json b/2016/0xxx/CVE-2016-0497.json index 59628e01575..c3fecce6e01 100644 --- a/2016/0xxx/CVE-2016-0497.json +++ b/2016/0xxx/CVE-2016-0497.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034727", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034727", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034727" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000000.json b/2016/1000xxx/CVE-2016-1000000.json index 150fa3adc55..f51527b957e 100644 --- a/2016/1000xxx/CVE-2016-1000000.json +++ b/2016/1000xxx/CVE-2016-1000000.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2016-15", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-15" - }, - { - "name" : "94496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94496" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-15", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-15" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1601.json b/2016/1xxx/CVE-2016-1601.json index 0c3862372f8..44de72ba07d 100644 --- a/2016/1xxx/CVE-2016-1601.json +++ b/2016/1xxx/CVE-2016-1601.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-1601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=974220", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=974220" - }, - { - "name" : "https://build.opensuse.org/request/show/388020", - "refsource" : "CONFIRM", - "url" : "https://build.opensuse.org/request/show/388020" - }, - { - "name" : "SUSE-SU-2016:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00051.html" - }, - { - "name" : "openSUSE-SU-2016:1226", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00007.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=974220", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=974220" + }, + { + "name": "openSUSE-SU-2016:1226", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00007.html" + }, + { + "name": "SUSE-SU-2016:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00051.html" + }, + { + "name": "https://build.opensuse.org/request/show/388020", + "refsource": "CONFIRM", + "url": "https://build.opensuse.org/request/show/388020" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1635.json b/2016/1xxx/CVE-2016-1635.json index 8420b1c5a9b..197ff38a564 100644 --- a/2016/1xxx/CVE-2016-1635.json +++ b/2016/1xxx/CVE-2016-1635.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=585268", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=585268" - }, - { - "name" : "https://codereview.chromium.org/1684953002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1684953002" - }, - { - "name" : "DSA-3507", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3507" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "SUSE-SU-2016:0665", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0664", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:0684", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" - }, - { - "name" : "openSUSE-SU-2016:0729", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" - }, - { - "name" : "84008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84008" - }, - { - "name" : "1035185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0664", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" + }, + { + "name": "openSUSE-SU-2016:0684", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" + }, + { + "name": "https://codereview.chromium.org/1684953002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1684953002" + }, + { + "name": "84008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84008" + }, + { + "name": "DSA-3507", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3507" + }, + { + "name": "1035185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035185" + }, + { + "name": "openSUSE-SU-2016:0729", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" + }, + { + "name": "SUSE-SU-2016:0665", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=585268", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=585268" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1673.json b/2016/1xxx/CVE-2016-1673.json index 6f2853723a6..dfe530bfc2b 100644 --- a/2016/1xxx/CVE-2016-1673.json +++ b/2016/1xxx/CVE-2016-1673.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" - }, - { - "name" : "https://crbug.com/597532", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/597532" - }, - { - "name" : "DSA-3590", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3590" - }, - { - "name" : "GLSA-201607-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-07" - }, - { - "name" : "RHSA-2016:1190", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1190" - }, - { - "name" : "openSUSE-SU-2016:1430", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" - }, - { - "name" : "openSUSE-SU-2016:1433", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" - }, - { - "name" : "openSUSE-SU-2016:1496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" - }, - { - "name" : "USN-2992-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2992-1" - }, - { - "name" : "90876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90876" - }, - { - "name" : "1035981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90876" + }, + { + "name": "openSUSE-SU-2016:1496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" + }, + { + "name": "1035981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035981" + }, + { + "name": "DSA-3590", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3590" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" + }, + { + "name": "USN-2992-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2992-1" + }, + { + "name": "openSUSE-SU-2016:1430", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" + }, + { + "name": "RHSA-2016:1190", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1190" + }, + { + "name": "https://crbug.com/597532", + "refsource": "CONFIRM", + "url": "https://crbug.com/597532" + }, + { + "name": "GLSA-201607-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-07" + }, + { + "name": "openSUSE-SU-2016:1433", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4292.json b/2016/4xxx/CVE-2016-4292.json index bfebeafa026..a757cbc8bd5 100644 --- a/2016/4xxx/CVE-2016-4292.json +++ b/2016/4xxx/CVE-2016-4292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-4292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hancom Office", - "version" : { - "version_data" : [ - { - "version_value" : "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291" - } - ] - } - } - ] - }, - "vendor_name" : "Hancom" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-4292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hancom Office", + "version": { + "version_data": [ + { + "version_value": "2014 VP Trial HShow.exe Product version: 9.1.0.2176 HncBM90.dll Product version: 9.1.0.2291" + } + ] + } + } + ] + }, + "vendor_name": "Hancom" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0147/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0147/" - }, - { - "name" : "92325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0147/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0147/" + }, + { + "name": "92325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92325" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4499.json b/2016/4xxx/CVE-2016-4499.json index 7149dc24bb7..fc111de5cdc 100644 --- a/2016/4xxx/CVE-2016-4499.json +++ b/2016/4xxx/CVE-2016-4499.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-330/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-330/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-331/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-331/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01" - }, - { - "name" : "90522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-330/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-330/" + }, + { + "name": "90522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90522" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-331/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-331/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4638.json b/2016/4xxx/CVE-2016-4638.json index 4045c593eee..f357a54b5cc 100644 --- a/2016/4xxx/CVE-2016-4638.json +++ b/2016/4xxx/CVE-2016-4638.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a \"type confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "91824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91824" - }, - { - "name" : "1036348", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a \"type confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91824" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "1036348", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036348" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5045.json b/2016/5xxx/CVE-2016-5045.json index eba3791ea8a..7c40b7e7991 100644 --- a/2016/5xxx/CVE-2016-5045.json +++ b/2016/5xxx/CVE-2016-5045.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/ka51A00000007OTQAY/NTAP-20170323-0001", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/ka51A00000007OTQAY/NTAP-20170323-0001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/ka51A00000007OTQAY/NTAP-20170323-0001", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/ka51A00000007OTQAY/NTAP-20170323-0001" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5863.json b/2016/5xxx/CVE-2016-5863.json index 2ad16d48bc8..728a2512df3 100644 --- a/2016/5xxx/CVE-2016-5863.json +++ b/2016/5xxx/CVE-2016-5863.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-05-01T00:00:00", - "ID" : "CVE-2016-5863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "Android for MSM, Firefox OS for MSM, QRD Android" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in USB" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-05-01T00:00:00", + "ID": "CVE-2016-5863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "Android for MSM, Firefox OS for MSM, QRD Android" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in USB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99465" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0110.json b/2019/0xxx/CVE-2019-0110.json index 26c9166a161..b00a1bdf5be 100644 --- a/2019/0xxx/CVE-2019-0110.json +++ b/2019/0xxx/CVE-2019-0110.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-02-12T00:00:00", - "ID" : "CVE-2019-0110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-02-12T00:00:00", + "ID": "CVE-2019-0110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html" - }, - { - "name" : "107071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107071" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107071" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-050-01" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00215.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0423.json b/2019/0xxx/CVE-2019-0423.json index a8e5d2a3192..f1b2431a3eb 100644 --- a/2019/0xxx/CVE-2019-0423.json +++ b/2019/0xxx/CVE-2019-0423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0630.json b/2019/0xxx/CVE-2019-0630.json index 99a6f4aac83..ebef7a91b57 100644 --- a/2019/0xxx/CVE-2019-0630.json +++ b/2019/0xxx/CVE-2019-0630.json @@ -1,185 +1,185 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "8.1 for 32-bit systems" - }, - { - "version_value" : "8.1 for x64-based systems" - }, - { - "version_value" : "RT 8.1" - }, - { - "version_value" : "10 for 32-bit Systems" - }, - { - "version_value" : "10 for x64-based Systems" - }, - { - "version_value" : "10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1709 for ARM64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server", - "version" : { - "version_data" : [ - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value" : "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value" : "2012" - }, - { - "version_value" : "2012 (Core installation)" - }, - { - "version_value" : "2012 R2" - }, - { - "version_value" : "2012 R2 (Core installation)" - }, - { - "version_value" : "2016" - }, - { - "version_value" : "2016 (Core installation)" - }, - { - "version_value" : "version 1709 (Core Installation)" - }, - { - "version_value" : "version 1803 (Core Installation)" - }, - { - "version_value" : "2019" - }, - { - "version_value" : "2019 (Core installation)" - }, - { - "version_value" : "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2 (Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "version 1709 (Core Installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630" - }, - { - "name" : "106876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106876" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0968.json b/2019/0xxx/CVE-2019-0968.json index 5ad074250c2..9b9979de779 100644 --- a/2019/0xxx/CVE-2019-0968.json +++ b/2019/0xxx/CVE-2019-0968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0968", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0968", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1448.json b/2019/1xxx/CVE-2019-1448.json index 67507d17862..012a4d56997 100644 --- a/2019/1xxx/CVE-2019-1448.json +++ b/2019/1xxx/CVE-2019-1448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3133.json b/2019/3xxx/CVE-2019-3133.json index 9760e862962..025e7b1d5eb 100644 --- a/2019/3xxx/CVE-2019-3133.json +++ b/2019/3xxx/CVE-2019-3133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3483.json b/2019/3xxx/CVE-2019-3483.json index b3acecc2db1..bd5053d140e 100644 --- a/2019/3xxx/CVE-2019-3483.json +++ b/2019/3xxx/CVE-2019-3483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3528.json b/2019/3xxx/CVE-2019-3528.json index 112f6e007ec..1e58403bbc1 100644 --- a/2019/3xxx/CVE-2019-3528.json +++ b/2019/3xxx/CVE-2019-3528.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3528", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3528", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3584.json b/2019/3xxx/CVE-2019-3584.json index 6ee52ee5682..49e07109240 100644 --- a/2019/3xxx/CVE-2019-3584.json +++ b/2019/3xxx/CVE-2019-3584.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2019-3584", - "STATE" : "PUBLIC", - "TITLE" : "Exploitation of Authentication vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MVision Endpoint", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "All", - "version_value" : "1811 Update 1 (18.11.31.62)" - } - ] - } - } - ] - }, - "vendor_name" : "Mcafee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 7.4, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Exploitation of Authentication vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2019-3584", + "STATE": "PUBLIC", + "TITLE": "Exploitation of Authentication vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MVision Endpoint", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "1811 Update 1 (18.11.31.62)" + } + ] + } + } + ] + }, + "vendor_name": "Mcafee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10265", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10265" - }, - { - "name" : "106789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106789" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exploitation of Authentication vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10265", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10265" + }, + { + "name": "106789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106789" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3998.json b/2019/3xxx/CVE-2019-3998.json index 95a9cc52c8e..d2352ba50d5 100644 --- a/2019/3xxx/CVE-2019-3998.json +++ b/2019/3xxx/CVE-2019-3998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3998", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3998", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4689.json b/2019/4xxx/CVE-2019-4689.json index b733755c906..09dc55110ec 100644 --- a/2019/4xxx/CVE-2019-4689.json +++ b/2019/4xxx/CVE-2019-4689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4689", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4841.json b/2019/4xxx/CVE-2019-4841.json index 04a50518533..7324e1df8c4 100644 --- a/2019/4xxx/CVE-2019-4841.json +++ b/2019/4xxx/CVE-2019-4841.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4841", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4841", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4906.json b/2019/4xxx/CVE-2019-4906.json index abb2a5d2203..4abb101bb61 100644 --- a/2019/4xxx/CVE-2019-4906.json +++ b/2019/4xxx/CVE-2019-4906.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4906", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4906", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4977.json b/2019/4xxx/CVE-2019-4977.json index 55866e1e6f7..6b1dc485d3e 100644 --- a/2019/4xxx/CVE-2019-4977.json +++ b/2019/4xxx/CVE-2019-4977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7487.json b/2019/7xxx/CVE-2019-7487.json index cb1f88aabd4..9dd38d5ffa9 100644 --- a/2019/7xxx/CVE-2019-7487.json +++ b/2019/7xxx/CVE-2019-7487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8074.json b/2019/8xxx/CVE-2019-8074.json index bb688c27bbd..8c559a72645 100644 --- a/2019/8xxx/CVE-2019-8074.json +++ b/2019/8xxx/CVE-2019-8074.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8074", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8074", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8158.json b/2019/8xxx/CVE-2019-8158.json index 8986f224ac6..95e933ebfc9 100644 --- a/2019/8xxx/CVE-2019-8158.json +++ b/2019/8xxx/CVE-2019-8158.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8158", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8158", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8646.json b/2019/8xxx/CVE-2019-8646.json index d8d4f8ab6bc..39a9c1a8920 100644 --- a/2019/8xxx/CVE-2019-8646.json +++ b/2019/8xxx/CVE-2019-8646.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8646", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8646", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8793.json b/2019/8xxx/CVE-2019-8793.json index 29473e720b8..6ce8aa51b06 100644 --- a/2019/8xxx/CVE-2019-8793.json +++ b/2019/8xxx/CVE-2019-8793.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8793", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8793", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9038.json b/2019/9xxx/CVE-2019-9038.json index d26981d74cf..8cb0b36dd67 100644 --- a/2019/9xxx/CVE-2019-9038.json +++ b/2019/9xxx/CVE-2019-9038.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/matio", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/matio" - }, - { - "name" : "https://github.com/tbeu/matio/issues/103", - "refsource" : "MISC", - "url" : "https://github.com/tbeu/matio/issues/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tbeu/matio/issues/103", + "refsource": "MISC", + "url": "https://github.com/tbeu/matio/issues/103" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/matio", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/matio" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9144.json b/2019/9xxx/CVE-2019-9144.json index 51001d9a70f..1005032be77 100644 --- a/2019/9xxx/CVE-2019-9144.json +++ b/2019/9xxx/CVE-2019-9144.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/712", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/712" - }, - { - "name" : "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/", - "refsource" : "MISC", - "url" : "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/" - }, - { - "name" : "107161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/", + "refsource": "MISC", + "url": "https://research.loginsoft.com/bugs/uncontrolled-recursion-loop-in-exiv2anonymous-namespacebigtiffimageprintifd-exiv2-0-27/" + }, + { + "name": "https://github.com/Exiv2/exiv2/issues/712", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/712" + }, + { + "name": "107161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107161" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9267.json b/2019/9xxx/CVE-2019-9267.json index 6c756c23224..9fe3ccdf6b0 100644 --- a/2019/9xxx/CVE-2019-9267.json +++ b/2019/9xxx/CVE-2019-9267.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9267", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9267", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9658.json b/2019/9xxx/CVE-2019-9658.json index ad97369d7a4..a316722cdda 100644 --- a/2019/9xxx/CVE-2019-9658.json +++ b/2019/9xxx/CVE-2019-9658.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Checkstyle before 8.18 loads external DTDs by default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://checkstyle.org/releasenotes.html#Release_8.18", - "refsource" : "MISC", - "url" : "https://checkstyle.org/releasenotes.html#Release_8.18" - }, - { - "name" : "https://github.com/checkstyle/checkstyle/issues/6474", - "refsource" : "MISC", - "url" : "https://github.com/checkstyle/checkstyle/issues/6474" - }, - { - "name" : "https://github.com/checkstyle/checkstyle/issues/6478", - "refsource" : "MISC", - "url" : "https://github.com/checkstyle/checkstyle/issues/6478" - }, - { - "name" : "https://github.com/checkstyle/checkstyle/pull/6476", - "refsource" : "MISC", - "url" : "https://github.com/checkstyle/checkstyle/pull/6476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Checkstyle before 8.18 loads external DTDs by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/checkstyle/checkstyle/pull/6476", + "refsource": "MISC", + "url": "https://github.com/checkstyle/checkstyle/pull/6476" + }, + { + "name": "https://github.com/checkstyle/checkstyle/issues/6474", + "refsource": "MISC", + "url": "https://github.com/checkstyle/checkstyle/issues/6474" + }, + { + "name": "https://github.com/checkstyle/checkstyle/issues/6478", + "refsource": "MISC", + "url": "https://github.com/checkstyle/checkstyle/issues/6478" + }, + { + "name": "https://checkstyle.org/releasenotes.html#Release_8.18", + "refsource": "MISC", + "url": "https://checkstyle.org/releasenotes.html#Release_8.18" + } + ] + } +} \ No newline at end of file