From 1c5dfae37077adc162e12edf0ad7e3d6c6fe3857 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:35:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2007/2xxx/CVE-2007-2460.json | 130 ++++-----
2007/2xxx/CVE-2007-2545.json | 250 ++++++++--------
2007/3xxx/CVE-2007-3376.json | 170 +++++------
2007/3xxx/CVE-2007-3687.json | 170 +++++------
2007/6xxx/CVE-2007-6415.json | 200 ++++++-------
2007/6xxx/CVE-2007-6627.json | 190 ++++++------
2010/1xxx/CVE-2010-1013.json | 160 +++++-----
2010/1xxx/CVE-2010-1112.json | 130 ++++-----
2010/1xxx/CVE-2010-1209.json | 170 +++++------
2010/5xxx/CVE-2010-5243.json | 130 ++++-----
2014/0xxx/CVE-2014-0277.json | 190 ++++++------
2014/0xxx/CVE-2014-0525.json | 120 ++++----
2014/1xxx/CVE-2014-1203.json | 120 ++++----
2014/1xxx/CVE-2014-1365.json | 170 +++++------
2014/1xxx/CVE-2014-1421.json | 120 ++++----
2014/1xxx/CVE-2014-1831.json | 170 +++++------
2014/5xxx/CVE-2014-5058.json | 34 +--
2014/5xxx/CVE-2014-5593.json | 140 ++++-----
2014/5xxx/CVE-2014-5813.json | 140 ++++-----
2014/5xxx/CVE-2014-5836.json | 140 ++++-----
2015/2xxx/CVE-2015-2107.json | 140 ++++-----
2015/2xxx/CVE-2015-2302.json | 34 +--
2015/6xxx/CVE-2015-6390.json | 130 ++++-----
2016/1000xxx/CVE-2016-1000016.json | 34 +--
2016/10xxx/CVE-2016-10180.json | 130 ++++-----
2016/10xxx/CVE-2016-10316.json | 120 ++++----
2016/10xxx/CVE-2016-10628.json | 122 ++++----
2016/4xxx/CVE-2016-4104.json | 130 ++++-----
2016/4xxx/CVE-2016-4350.json | 360 +++++++++++------------
2016/4xxx/CVE-2016-4930.json | 130 ++++-----
2016/8xxx/CVE-2016-8655.json | 450 ++++++++++++++---------------
2016/9xxx/CVE-2016-9137.json | 190 ++++++------
2016/9xxx/CVE-2016-9157.json | 130 ++++-----
2016/9xxx/CVE-2016-9505.json | 34 +--
2016/9xxx/CVE-2016-9676.json | 140 ++++-----
2019/2xxx/CVE-2019-2178.json | 34 +--
2019/2xxx/CVE-2019-2308.json | 34 +--
2019/2xxx/CVE-2019-2696.json | 34 +--
2019/3xxx/CVE-2019-3300.json | 34 +--
2019/3xxx/CVE-2019-3523.json | 34 +--
2019/3xxx/CVE-2019-3826.json | 34 +--
2019/3xxx/CVE-2019-3920.json | 122 ++++----
2019/6xxx/CVE-2019-6066.json | 34 +--
2019/6xxx/CVE-2019-6113.json | 34 +--
2019/6xxx/CVE-2019-6690.json | 78 +----
2019/6xxx/CVE-2019-6839.json | 34 +--
2019/7xxx/CVE-2019-7077.json | 34 +--
2019/7xxx/CVE-2019-7346.json | 120 ++++----
2019/7xxx/CVE-2019-7544.json | 120 ++++----
49 files changed, 3012 insertions(+), 3086 deletions(-)
diff --git a/2007/2xxx/CVE-2007-2460.json b/2007/2xxx/CVE-2007-2460.json
index 74b9e94c842..6a1fb3418bb 100644
--- a/2007/2xxx/CVE-2007-2460.json
+++ b/2007/2xxx/CVE-2007-2460.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070502 true: firefly RFI, both doc_root and DOCUMENT_ROOT", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-May/001573.html" - }, - { - "name" : "ADV-2007-1554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP 
code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070502 true: firefly RFI, both doc_root and DOCUMENT_ROOT", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-May/001573.html" + }, + { + "name": "ADV-2007-1554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1554" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2545.json b/2007/2xxx/CVE-2007-2545.json index 5a0e4968958..8ed0c3b5228 100644 --- a/2007/2xxx/CVE-2007-2545.json +++ b/2007/2xxx/CVE-2007-2545.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3853", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3853" - }, - { - "name" : "23828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23828" - }, - { - "name" : "ADV-2007-1671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1671" - }, - { - "name" : "37767", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37767" - }, - { - "name" : "37768", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37768" - }, - { - "name" : "37769", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37769" - }, - { - "name" : "37770", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37770" - }, - { - "name" : "37771", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37771" - }, - { - "name" : "37772", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37772" - }, - { - "name" : "37773", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37773" - }, - { - "name" : "37774", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37774" - }, - { - "name" : "37775", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37775" - }, - { - "name" : "37776", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37776" - }, - { - "name" : "persism-systempath-file-include(34102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37774", + "refsource": "OSVDB", + "url": "http://osvdb.org/37774" + }, + { + "name": "37775", + "refsource": "OSVDB", + "url": "http://osvdb.org/37775" + }, + { + "name": "37767", + "refsource": "OSVDB", + "url": "http://osvdb.org/37767" + }, + { + "name": "37770", + "refsource": "OSVDB", + "url": "http://osvdb.org/37770" + }, + { + "name": "37773", + "refsource": "OSVDB", + "url": "http://osvdb.org/37773" + }, + { + "name": "persism-systempath-file-include(34102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34102" + }, + { + "name": "37769", + "refsource": "OSVDB", + "url": "http://osvdb.org/37769" + }, + { + "name": "37768", + "refsource": "OSVDB", + "url": "http://osvdb.org/37768" + }, + { + "name": "37772", + "refsource": "OSVDB", + "url": "http://osvdb.org/37772" + }, + { + "name": "3853", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3853" + }, + { + "name": "37771", + "refsource": "OSVDB", + "url": "http://osvdb.org/37771" + }, + { + "name": "23828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23828" + }, + { + "name": "37776", + "refsource": "OSVDB", + "url": "http://osvdb.org/37776" + }, + { + "name": "ADV-2007-1671", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1671" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3376.json b/2007/3xxx/CVE-2007-3376.json index 3a65d1b83d7..21fd5e22ba2 100644 --- a/2007/3xxx/CVE-2007-3376.json +++ b/2007/3xxx/CVE-2007-3376.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070624 Safari Bookmarks Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472209" - }, - { - "name" : "20070625 Safari Bookmarks Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=118278848816602&w=2" - }, - { - "name" : "24619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24619" - }, - { - "name" : "40882", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40882" - }, - { - "name" : "ADV-2007-2340", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2340" - }, - { - 
"name" : "safari-title-bo(35030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070625 Safari Bookmarks Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=118278848816602&w=2" + }, + { + "name": "40882", + "refsource": "OSVDB", + "url": "http://osvdb.org/40882" + }, + { + "name": "24619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24619" + }, + { + "name": "ADV-2007-2340", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2340" + }, + { + "name": "safari-title-bo(35030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35030" + }, + { + "name": "20070624 Safari Bookmarks Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472209" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3687.json b/2007/3xxx/CVE-2007-3687.json index 9b3465ab884..b4e76359e6f 100644 --- a/2007/3xxx/CVE-2007-3687.json +++ b/2007/3xxx/CVE-2007-3687.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4166", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4166" - }, - { - "name" : "http://infernotechnologies.net/", - "refsource" : "CONFIRM", - "url" : "http://infernotechnologies.net/" - }, - { - "name" : "24839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24839" - }, - { - "name" : "35965", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35965" - }, - { - "name" : "25986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25986" - }, - { - "name" : "rpginferno-inferno-sql-injection(35319)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35319" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24839" + }, + { + "name": "rpginferno-inferno-sql-injection(35319)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35319" + }, + { + "name": "35965", + "refsource": "OSVDB", + "url": "http://osvdb.org/35965" + }, + { + "name": "http://infernotechnologies.net/", + "refsource": "CONFIRM", + "url": "http://infernotechnologies.net/" + }, + { + "name": "4166", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4166" + }, + { + "name": "25986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25986" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6415.json b/2007/6xxx/CVE-2007-6415.json index c304f24e6bd..f74db1dbfdc 100644 --- a/2007/6xxx/CVE-2007-6415.json +++ b/2007/6xxx/CVE-2007-6415.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=203099", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=203099" - }, - { - "name" : "DSA-1473", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1473" - }, - { - "name" : "FEDORA-2008-1728", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html" - }, - { - "name" : "FEDORA-2008-1743", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html" - }, - { - "name" : "GLSA-200802-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200802-06.xml" - }, - { - "name" : "28538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28538" - }, - { - "name" : "28944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28944" - }, - { - "name" : "28981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1473", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1473" + }, + { + "name": "GLSA-200802-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200802-06.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=203099", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=203099" + }, + { + "name": "28944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28944" + }, + { + "name": "FEDORA-2008-1728", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00595.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148" + }, + { + "name": "28538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28538" + }, + { + "name": 
"FEDORA-2008-1743", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00546.html" + }, + { + "name": "28981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28981" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6627.json b/2007/6xxx/CVE-2007-6627.json index d892b643cb7..6925739f7ba 100644 --- a/2007/6xxx/CVE-2007-6627.json +++ b/2007/6xxx/CVE-2007-6627.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071227 Multiple vulnerabilities in Feng 0.1.15", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485574/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/fengulo-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/fengulo-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/fengulo.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/fengulo.zip" - }, - { - "name" : "27049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27049" - }, - { - "name" : "ADV-2008-0011", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0011" - }, - { - "name" : 
"40533", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40533" - }, - { - "name" : "28229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28229" - }, - { - "name" : "3507", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071227 Multiple vulnerabilities in Feng 0.1.15", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded" + }, + { + "name": "40533", + "refsource": "OSVDB", + "url": "http://osvdb.org/40533" + }, + { + "name": "27049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27049" + }, + { + "name": "ADV-2008-0011", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0011" + }, + { + "name": "http://aluigi.org/poc/fengulo.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/fengulo.zip" + }, + { + "name": "http://aluigi.altervista.org/adv/fengulo-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/fengulo-adv.txt" + }, + { + "name": "3507", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3507" + }, + { + "name": "28229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28229" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1013.json b/2010/1xxx/CVE-2010-1013.json index 83355722d5b..4845442a1d2 100644 
--- a/2010/1xxx/CVE-2010-1013.json +++ b/2010/1xxx/CVE-2010-1013.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" - }, - { - "name" : "38812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38812" - }, - { - "name" : "63034", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63034" - }, - { - "name" : "38996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38996" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38812" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/" + }, + { + "name": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/pd_diocesedatabase/0.7.13/" + }, + { + "name": "38996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38996" + }, + { + "name": "63034", + "refsource": "OSVDB", + "url": "http://osvdb.org/63034" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1112.json b/2010/1xxx/CVE-2010-1112.json index 206e332b7ce..62da9a0a565 100644 --- a/2010/1xxx/CVE-2010-1112.json +++ b/2010/1xxx/CVE-2010-1112.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/klonews-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/klonews-xss.txt" - }, - { - "name" : "38268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38268" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/klonews-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/klonews-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1209.json b/2010/1xxx/CVE-2010-1209.json index 2ef088347b1..def69350870 100644 --- a/2010/1xxx/CVE-2010-1209.json +++ b/2010/1xxx/CVE-2010-1209.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100721 ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512511" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-130/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-130/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-36.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-36.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=552110", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=552110" - }, - { - "name" : "41845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41845" - }, - { - "name" : "oval:org.mitre.oval:def:11055", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41845" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-36.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-36.html" + }, + { + "name": "oval:org.mitre.oval:def:11055", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=552110", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=552110" + }, + { + "name": "20100721 ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512511" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-130/", + "refsource": "MISC", + "url": 
"http://www.zerodayinitiative.com/advisories/ZDI-10-130/" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5243.json b/2010/5xxx/CVE-2010-5243.json index d345b16fd14..69b3eee043c 100644 --- a/2010/5xxx/CVE-2010-5243.json +++ b/2010/5xxx/CVE-2010-5243.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html", - "refsource" : "MISC", - "url" : "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html" - }, - { - "name" : "41174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in Cyberlink Power2Go 
7.0.0.0816 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) MFC71LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .p2g, .iso, .pdl, .pds, or .p2i file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html", + "refsource": "MISC", + "url": "http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html" + }, + { + "name": "41174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41174" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0277.json b/2014/0xxx/CVE-2014-0277.json index 8dc7e45f314..41c26aa3255 100644 --- a/2014/0xxx/CVE-2014-0277.json +++ b/2014/0xxx/CVE-2014-0277.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0278 and CVE-2014-0279." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" - }, - { - "name" : "HPSBOV03503", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144498216801440&w=2" - }, - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65376" - }, - { - "name" : "103176", - "refsource" : "OSVDB", - 
"url" : "http://osvdb.org/103176" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140277-code-exec(90767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0278 and CVE-2014-0279." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "ms-ie-cve20140277-code-exec(90767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90767" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" + }, + { + "name": "HPSBOV03503", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2" + }, + { + "name": "65376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65376" + }, + { + 
"name": "103176", + "refsource": "OSVDB", + "url": "http://osvdb.org/103176" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0525.json b/2014/0xxx/CVE-2014-0525.json index 660e64fd7b6..021ea668f68 100644 --- a/2014/0xxx/CVE-2014-0525.json +++ b/2014/0xxx/CVE-2014-0525.json 
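Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, but the change sits inside a whole-file whitespace rewrite and the commit subject does not mention it. ASSIGNER is provenance metadata, so anyone auditing record ownership has to pick one changed value out of a 97-line reformat; landing the formatting-only rewrite separately from the metadata change would keep it reviewable. The same applies to the hunks for CVE-2014-0525 (`psirt@adobe.com`), CVE-2014-1365 (`product-security@apple.com`), CVE-2014-1421 (`security@ubuntu.com`), and CVE-2014-5593 and CVE-2014-5813 (`cert@cert.org`). In each of them `vendor_name` and `product_name` stay `n/a`, so the structured `affects` data does not reflect the vendor named by the new assigner, which may be intentional for legacy records.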
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2014-0525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html", - "refsource" : "CONFIRM", - "url" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://helpx.adobe.com/security/products/reader/apsb14-15.html", + "refsource": "CONFIRM", + "url": "http://helpx.adobe.com/security/products/reader/apsb14-15.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1203.json b/2014/1xxx/CVE-2014-1203.json index 783b9e873b3..b27dcd4696e 100644 --- a/2014/1xxx/CVE-2014-1203.json +++ b/2014/1xxx/CVE-2014-1203.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140108 [CVE-2014-1203] Eyou Mail System Remote Code\tExecution", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jan/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140108 [CVE-2014-1203] Eyou Mail System Remote Code\tExecution", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jan/32" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1365.json b/2014/1xxx/CVE-2014-1365.json index 8c9c99eb2b3..8db07e56bc5 100644 --- a/2014/1xxx/CVE-2014-1365.json +++ b/2014/1xxx/CVE-2014-1365.json 
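Review bot: The FULLDISC entry in `reference_data` still has an escaped tab in its `name`, `Remote Code\tExecution`, which the rewrite copies unchanged from the old side. It looks like residue from a wrapped mail subject, and it can break exact-match lookups on the title or render oddly in consumers that display it. The normalized form would be `"name": "20140108 [CVE-2014-1203] Eyou Mail System Remote Code Execution"`. The `url` is unaffected.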
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT6537", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6537" - }, - { - "name" : "APPLE-SA-2014-06-30-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html" - }, - { - "name" : "APPLE-SA-2014-06-30-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" - }, - { - "name" : "APPLE-SA-2014-06-30-4", - "refsource" : "APPLE", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" - }, - { - "name" : "1030495", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030495" - }, - { - "name" : "59481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT6537", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6537" + }, + { + "name": "APPLE-SA-2014-06-30-4", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" + }, + { + "name": "APPLE-SA-2014-06-30-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" + }, + { + "name": "59481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59481" + }, + { + "name": "1030495", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030495" + }, + { + "name": "APPLE-SA-2014-06-30-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1421.json b/2014/1xxx/CVE-2014-1421.json index 376a3a22973..d5a443ebed0 100644 --- a/2014/1xxx/CVE-2014-1421.json 
+++ b/2014/1xxx/CVE-2014-1421.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-1421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-2411-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2411-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2411-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2411-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1831.json b/2014/1xxx/CVE-2014-1831.json index 9ab485e6fbd..732e73c067d 100644 --- a/2014/1xxx/CVE-2014-1831.json +++ b/2014/1xxx/CVE-2014-1831.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140128 CVE request: temporary file issue in Passenger rubygem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/28/8" - }, - { - "name" : "[oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/01/30/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1058992", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1058992" - }, - { - "name" : 
"https://github.com/phusion/passenger/commit/34b1087870c2", - "refsource" : "CONFIRM", - "url" : "https://github.com/phusion/passenger/commit/34b1087870c2" - }, - { - "name" : "FEDORA-2015-1151", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958" + }, + { + "name": "https://github.com/phusion/passenger/commit/34b1087870c2", + "refsource": "CONFIRM", + "url": "https://github.com/phusion/passenger/commit/34b1087870c2" + }, + { + "name": "[oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/30/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992" + }, + { + "name": "FEDORA-2015-1151", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html" + }, + { + "name": "[oss-security] 20140128 CVE request: temporary file issue in Passenger rubygem", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/01/28/8" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/5xxx/CVE-2014-5058.json b/2014/5xxx/CVE-2014-5058.json index 16e3481cc33..066becf651d 100644 --- a/2014/5xxx/CVE-2014-5058.json +++ b/2014/5xxx/CVE-2014-5058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5593.json b/2014/5xxx/CVE-2014-5593.json index 5525e9e1a89..efb5fb75aef 100644 --- a/2014/5xxx/CVE-2014-5593.json +++ b/2014/5xxx/CVE-2014-5593.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Christian Dating Cafe (aka com.christiancafe.mobile.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#607137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/607137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Christian Dating Cafe 
(aka com.christiancafe.mobile.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#607137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/607137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5813.json b/2014/5xxx/CVE-2014-5813.json index 127f1f0d0d0..e716ad6a92c 100644 --- a/2014/5xxx/CVE-2014-5813.json +++ b/2014/5xxx/CVE-2014-5813.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lostword (aka zozo.android.lostword) application 5.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#657825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/657825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lostword (aka zozo.android.lostword) application 
5.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#657825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/657825" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5836.json b/2014/5xxx/CVE-2014-5836.json index f89f9853344..65cc602dd58 100644 --- a/2014/5xxx/CVE-2014-5836.json +++ b/2014/5xxx/CVE-2014-5836.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#459913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/459913" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GittiGidiyor (aka com.gittigidiyormobil) 
application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#459913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/459913" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2107.json b/2015/2xxx/CVE-2015-2107.json index 8b3044bd5f1..f35d797131b 100644 --- a/2015/2xxx/CVE-2015-2107.json +++ b/2015/2xxx/CVE-2015-2107.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-2107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN03284", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04588084" - }, - { - "name" : "SSRT101971", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04588084" - }, - { - "name" : "1031870", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN03284", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04588084" + }, + { + "name": "SSRT101971", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04588084" + }, + { + "name": "1031870", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031870" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2302.json b/2015/2xxx/CVE-2015-2302.json index 8f3d5fd69cc..fd8bacabcaa 100644 --- a/2015/2xxx/CVE-2015-2302.json +++ b/2015/2xxx/CVE-2015-2302.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2302", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6405. Reason: This candidate is a reservation duplicate of CVE-2014-6405. Notes: All CVE users should reference CVE-2014-6405 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2302", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6405. Reason: This candidate is a reservation duplicate of CVE-2014-6405. Notes: All CVE users should reference CVE-2014-6405 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6390.json b/2015/6xxx/CVE-2015-6390.json index 30df8d7242c..6c5003b5dc1 100644 --- a/2015/6xxx/CVE-2015-6390.json +++ b/2015/6xxx/CVE-2015-6390.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151202 Cisco Unity Connection Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-pca" - }, - { - "name" : "1034286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034286" + }, + { + "name": "20151202 Cisco Unity Connection Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-pca" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000016.json b/2016/1000xxx/CVE-2016-1000016.json index ea9bd8ab3fb..85c03e1fd17 100644 --- a/2016/1000xxx/CVE-2016-1000016.json +++ b/2016/1000xxx/CVE-2016-1000016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10180.json b/2016/10xxx/CVE-2016-10180.json index 1234f3637a2..02f8872cc9e 100644 --- a/2016/10xxx/CVE-2016-10180.json +++ b/2016/10xxx/CVE-2016-10180.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html", - "refsource" : "MISC", - "url" : "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html" - }, - { - "name" : "95877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html", + "refsource": "MISC", + "url": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html" + }, + { + "name": "95877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95877" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10316.json b/2016/10xxx/CVE-2016-10316.json index b1a0e7aab20..14786274042 100644 --- a/2016/10xxx/CVE-2016-10316.json +++ b/2016/10xxx/CVE-2016-10316.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf", - "refsource" : "MISC", - "url" : "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf", + "refsource": "MISC", + "url": "https://www.riskbasedsecurity.com/research/RBS-2016-004.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10628.json b/2016/10xxx/CVE-2016-10628.json index 09bbaaf7963..53288dfa965 100644 --- a/2016/10xxx/CVE-2016-10628.json +++ b/2016/10xxx/CVE-2016-10628.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "selenium-wrapper node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "selenium-wrapper node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/224", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/224", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/224" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4104.json b/2016/4xxx/CVE-2016-4104.json index 307d18a6301..83a19da0d16 100644 --- a/2016/4xxx/CVE-2016-4104.json +++ b/2016/4xxx/CVE-2016-4104.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, and CVE-2016-4105." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" - }, - { - "name" : "1035828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, and 
CVE-2016-4105." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035828" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4350.json b/2016/4xxx/CVE-2016-4350.json index 9d3ffb46b71..b43288b31df 100644 --- a/2016/4xxx/CVE-2016-4350.json +++ b/2016/4xxx/CVE-2016-4350.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource 
parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-249", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-249" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-250", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-250" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-251", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-251" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-252", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-252" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-253", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-253" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-254", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-254" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-255", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-255" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-256", - "refsource" : "MISC", - "url" : 
"http://www.zerodayinitiative.com/advisories/ZDI-16-256" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-257", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-257" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-258", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-258" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-259", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-259" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-260", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-260" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-261", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-261" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-262", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-262" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-263", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-263" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-264", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-264" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-265", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-265" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-266", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-266" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-267", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-267" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-268", - 
"refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-268" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-269", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-269" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-270", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-270" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-271", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-271" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-272", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-272" - }, - { - "name" : "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", - "refsource" : "CONFIRM", - "url" : "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; 
the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-254", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-254" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-259", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-259" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-272", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-272" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-252", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-252" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-256", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-256" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-265", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-265" + }, + { + 
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-270", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-270" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-266", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-266" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-257", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-257" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-263", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-263" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-271", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-271" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-262", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-262" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-253", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-253" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-250", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-250" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-268", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-268" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-260", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-260" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-251", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-251" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-264", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-264" + }, + { + "name": 
"http://www.zerodayinitiative.com/advisories/ZDI-16-261", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-261" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-267", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-267" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-249", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-249" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-269", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-269" + }, + { + "name": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm", + "refsource": "CONFIRM", + "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-255", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-255" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-258", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-258" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4930.json b/2016/4xxx/CVE-2016-4930.json index 94b39760a3e..961f2f34200 100644 --- a/2016/4xxx/CVE-2016-4930.json +++ b/2016/4xxx/CVE-2016-4930.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2016-4930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760" - }, - { - "name" : "93540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93540" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8655.json b/2016/8xxx/CVE-2016-8655.json index a6709b42261..cba65fa6ab0 100644 --- a/2016/8xxx/CVE-2016-8655.json +++ b/2016/8xxx/CVE-2016-8655.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40871", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40871/" - }, - { - "name" : "44696", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44696/" - }, - { - "name" : "[oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/06/1" - }, - { - "name" : "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1400019", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1400019" - }, - { - "name" : "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-03-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01.html" - }, - { - "name" : "RHSA-2017:0386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0386.html" - }, - { - "name" : "RHSA-2017:0387", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0387.html" - }, - { - "name" : "RHSA-2017:0402", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0402.html" - }, - { - "name" : "SUSE-SU-2016:3096", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:3113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html" - }, - { - "name" : "SUSE-SU-2016:3116", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html" - }, - { - "name" : "SUSE-SU-2016:3117", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html" - }, - { - "name" : 
"SUSE-SU-2016:3169", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html" - }, - { - "name" : "SUSE-SU-2016:3183", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html" - }, - { - "name" : "SUSE-SU-2016:3197", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html" - }, - { - "name" : "SUSE-SU-2016:3205", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html" - }, - { - "name" : "SUSE-SU-2016:3206", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html" - }, - { - "name" : "SUSE-SU-2016:3247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html" - }, - { - "name" : "USN-3149-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3149-1" - }, - { - "name" : "USN-3149-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3149-2" - }, - { - "name" : "USN-3150-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3150-1" - }, - { - "name" : "USN-3150-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3150-2" - }, - { - "name" : "USN-3151-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3151-1" - }, - { - "name" : "USN-3151-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3151-2" - }, - { - "name" : "USN-3151-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3151-3" - }, - { - "name" : "USN-3151-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3151-4" - }, - { - "name" : "USN-3152-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3152-1" - }, - { - "name" : "USN-3152-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3152-2" - }, - { - "name" 
: "94692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94692" - }, - { - "name" : "1037403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037403" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3151-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3151-3" + }, + { + "name": "SUSE-SU-2016:3096", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c" + }, + { + "name": "SUSE-SU-2016:3206", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html" + }, + { + "name": "SUSE-SU-2016:3169", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html" + }, + { + "name": "USN-3150-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3150-2" + }, + { + "name": "USN-3149-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3149-2" + }, + { + "name": "94692", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/94692" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "USN-3150-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3150-1" + }, + { + "name": "SUSE-SU-2016:3117", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html" + }, + { + "name": "SUSE-SU-2016:3197", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html" + }, + { + "name": "RHSA-2017:0402", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0402.html" + }, + { + "name": "USN-3151-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3151-1" + }, + { + "name": "RHSA-2017:0387", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c" + }, + { + "name": "40871", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40871/" + }, + { + "name": "USN-3149-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3149-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400019" + }, + { + "name": "44696", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44696/" + }, + { + "name": "SUSE-SU-2016:3247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html" + }, + { + "name": "USN-3151-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3151-2" + }, + { + "name": "SUSE-SU-2016:3183", + "refsource": 
"SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html" + }, + { + "name": "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html" + }, + { + "name": "[oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/06/1" + }, + { + "name": "USN-3152-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3152-1" + }, + { + "name": "USN-3152-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3152-2" + }, + { + "name": "RHSA-2017:0386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html" + }, + { + "name": "1037403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037403" + }, + { + "name": "USN-3151-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3151-4" + }, + { + "name": "SUSE-SU-2016:3116", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html" + }, + { + "name": "SUSE-SU-2016:3113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html" + }, + { + "name": "https://source.android.com/security/bulletin/2017-03-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01.html" + }, + { + "name": "SUSE-SU-2016:3205", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9137.json b/2016/9xxx/CVE-2016-9137.json index 25364946455..013ddc933c3 100644 --- a/2016/9xxx/CVE-2016-9137.json +++ b/2016/9xxx/CVE-2016-9137.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161101 Re: CVE assignment for PHP 5.6.27 and 7.0.12", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/11/01/2" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : 
"http://www.php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=73147", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=73147" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "DSA-3698", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3698" - }, - { - "name" : "93577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/bug.php?id=73147", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=73147" + }, + { + "name": "http://www.php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-7.php" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "93577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93577" + }, + { + "name": "[oss-security] 20161101 Re: CVE assignment for PHP 5.6.27 and 7.0.12", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/11/01/2" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f" + }, + { + "name": "DSA-3698", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3698" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9157.json b/2016/9xxx/CVE-2016-9157.json index 596f3c7fde8..4791904e4d0 100644 --- a/2016/9xxx/CVE-2016-9157.json +++ b/2016/9xxx/CVE-2016-9157.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2016-9157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Siemens SICAM PAS through V8.08", - "version" : { - "version_data" : [ - { - "version_value" : "Siemens SICAM PAS through V8.08" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2016-9157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siemens SICAM PAS through V8.08", + "version": { + "version_data": [ + { + "version_value": "Siemens SICAM PAS through V8.08" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf" - }, - { - "name" : "94549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Siemens SICAM PAS (all versions 
before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94549" + }, + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9505.json b/2016/9xxx/CVE-2016-9505.json index e49d266956e..f51f35abfd9 100644 --- a/2016/9xxx/CVE-2016-9505.json +++ b/2016/9xxx/CVE-2016-9505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9505", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9505", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2016/9xxx/CVE-2016-9676.json b/2016/9xxx/CVE-2016-9676.json
index 487efc6c2f2..d00f7f15519 100644
--- a/2016/9xxx/CVE-2016-9676.json
+++ b/2016/9xxx/CVE-2016-9676.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX219580", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX219580" - }, - { - "name" : "95620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95620" - }, - { - "name" : "1037625", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX219580", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX219580" + }, + { + "name": "95620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95620" + }, + { + "name": "1037625", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037625" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2178.json b/2019/2xxx/CVE-2019-2178.json index 826d0c0f5a8..fbc2eb1b776 100644 --- a/2019/2xxx/CVE-2019-2178.json +++ b/2019/2xxx/CVE-2019-2178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2178", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2178", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2308.json b/2019/2xxx/CVE-2019-2308.json index a923659b322..0556a30023b 100644 --- a/2019/2xxx/CVE-2019-2308.json +++ b/2019/2xxx/CVE-2019-2308.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2308", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2308", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2696.json b/2019/2xxx/CVE-2019-2696.json index 0713a6b7f30..45cdbd75207 100644 --- a/2019/2xxx/CVE-2019-2696.json +++ b/2019/2xxx/CVE-2019-2696.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2696", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2696", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3300.json b/2019/3xxx/CVE-2019-3300.json index 04dfb94fb80..9d76c01e4df 100644 --- a/2019/3xxx/CVE-2019-3300.json +++ b/2019/3xxx/CVE-2019-3300.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3523.json b/2019/3xxx/CVE-2019-3523.json index 98e9242efd0..e2b54072511 100644 --- a/2019/3xxx/CVE-2019-3523.json +++ b/2019/3xxx/CVE-2019-3523.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3523", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3523", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3826.json b/2019/3xxx/CVE-2019-3826.json index da4917b552a..b641564ccf1 100644 --- a/2019/3xxx/CVE-2019-3826.json +++ b/2019/3xxx/CVE-2019-3826.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3826", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3826", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3920.json b/2019/3xxx/CVE-2019-3920.json index 425232a791f..8054317f2a4 100644 --- a/2019/3xxx/CVE-2019-3920.json +++ b/2019/3xxx/CVE-2019-3920.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2019-02-27T00:00:00", - "ID" : "CVE-2019-3920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Alcatel Lucent I-240W-Q GPON ONT", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 3FE54567BOZJ19" - } - ] - } - } - ] - }, - "vendor_name" : "Tenable" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78: Improper Neutralization of Special Elements used in an OS Command" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2019-02-27T00:00:00", + "ID": "CVE-2019-3920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Alcatel Lucent I-240W-Q GPON ONT", + "version": { + "version_data": [ + { + "version_value": "Firmware version 3FE54567BOZJ19" + } + ] + } + } + ] + }, + "vendor_name": "Tenable" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2019-09", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2019-09" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to 
authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2019-09", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2019-09" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6066.json b/2019/6xxx/CVE-2019-6066.json index c206a1436f1..e80abd996b9 100644 --- a/2019/6xxx/CVE-2019-6066.json +++ b/2019/6xxx/CVE-2019-6066.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6066", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6066", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6113.json b/2019/6xxx/CVE-2019-6113.json index f54f7691164..3452103898a 100644 --- a/2019/6xxx/CVE-2019-6113.json +++ b/2019/6xxx/CVE-2019-6113.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6113",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6113",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6690.json b/2019/6xxx/CVE-2019-6690.json
index 55be6a781ac..98a00b20233 100644
--- a/2019/6xxx/CVE-2019-6690.json
+++ b/2019/6xxx/CVE-2019-6690.json
@@ -2,30 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-6690",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
+ "STATE": "RESERVED"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -34,58 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "BID",
- "name": "106756",
- "url": "http://www.securityfocus.com/bid/106756"
- },
- {
- "url": "http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html",
- "refsource": "MISC",
- "name": "http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html"
- },
- {
- "url": "https://pypi.org/project/python-gnupg/#history",
- "refsource": "MISC",
- "name": "https://pypi.org/project/python-gnupg/#history"
- },
- {
- "refsource": "SUSE",
- "name": "SU-2019:0143-1",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html"
- },
- {
- "refsource": "SUSE",
- "name": "SUSE-SU-2019:0239-1",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html"
- },
- {
- "refsource": "MLIST",
- "name": "[SECURITY] [DLA 1675-1] 20190214 python-gnupg security update",
- "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html"
- },
- {
- "refsource": "BUGTRAQ",
- "name": "20190125 CVE-2019-6690: Improper Input Validation in python-gnupg",
- "url": "https://seclists.org/bugtraq/2019/Jan/41"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
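Review bot: The two hunks for 2019/6xxx/CVE-2019-6690.json move a published record backwards: `"STATE": "PUBLIC"` becomes `"STATE": "RESERVED"`, the description is replaced by the reservation placeholder, and the `affects`, `problemtype` and `references` blocks (seven reference entries) are removed. The other files visible in this commit change only formatting or ordering, so this looks like a stale copy overwriting the record rather than an intended edit; a deliberate withdrawal would presumably use `"STATE": "REJECT"`, as CVE-2016-9505 does here. Unless that is what was meant, the new side should keep `"STATE": "PUBLIC"` together with the removed blocks. Downstream scanners and feeds that skip RESERVED entries would otherwise stop reporting this advisory, so the sync step should refuse a PUBLIC to RESERVED transition without an explicit override.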
diff --git a/2019/6xxx/CVE-2019-6839.json b/2019/6xxx/CVE-2019-6839.json
index fe9afc30f4d..4118928292a 100644
--- a/2019/6xxx/CVE-2019-6839.json
+++ b/2019/6xxx/CVE-2019-6839.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6839",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6839",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7077.json b/2019/7xxx/CVE-2019-7077.json
index b57342f308d..c8a4e5a728b 100644
--- a/2019/7xxx/CVE-2019-7077.json
+++ b/2019/7xxx/CVE-2019-7077.json
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7346.json b/2019/7xxx/CVE-2019-7346.json index 29c0cab37a5..a5f328b830f 100644 --- a/2019/7xxx/CVE-2019-7346.json +++ b/2019/7xxx/CVE-2019-7346.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2469", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a \"Try again\" button, which allows resending the failed request, making the CSRF attack successful." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2469", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2469" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7544.json b/2019/7xxx/CVE-2019-7544.json index 7b8ef40fe63..40efc83aa82 100644 --- a/2019/7xxx/CVE-2019-7544.json +++ b/2019/7xxx/CVE-2019-7544.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/0xUhaw/CVE-Bins/tree/master/MyWebSQL", - "refsource" : "MISC", - "url" : "https://github.com/0xUhaw/CVE-Bins/tree/master/MyWebSQL" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/0xUhaw/CVE-Bins/tree/master/MyWebSQL", + "refsource": "MISC", + "url": "https://github.com/0xUhaw/CVE-Bins/tree/master/MyWebSQL" + } + ] + } +} \ No newline at end of file