From 2cfb13d20e91ee24302df8e573b2867a22ee7002 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:06:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0418.json | 120 ++++++------- 1999/0xxx/CVE-1999-0820.json | 130 +++++++------- 1999/0xxx/CVE-1999-0978.json | 120 ++++++------- 1999/1xxx/CVE-1999-1344.json | 120 ++++++------- 2007/0xxx/CVE-2007-0227.json | 190 ++++++++++---------- 2007/0xxx/CVE-2007-0283.json | 180 +++++++++---------- 2007/0xxx/CVE-2007-0343.json | 170 +++++++++--------- 2007/1xxx/CVE-2007-1181.json | 160 ++++++++--------- 2007/1xxx/CVE-2007-1337.json | 200 ++++++++++----------- 2007/1xxx/CVE-2007-1465.json | 180 +++++++++---------- 2007/1xxx/CVE-2007-1548.json | 200 ++++++++++----------- 2007/1xxx/CVE-2007-1631.json | 150 ++++++++-------- 2007/1xxx/CVE-2007-1746.json | 34 ++-- 2007/1xxx/CVE-2007-1903.json | 190 ++++++++++---------- 2007/5xxx/CVE-2007-5241.json | 170 +++++++++--------- 2007/5xxx/CVE-2007-5280.json | 160 ++++++++--------- 2007/5xxx/CVE-2007-5822.json | 190 ++++++++++---------- 2015/3xxx/CVE-2015-3055.json | 150 ++++++++-------- 2015/3xxx/CVE-2015-3234.json | 160 ++++++++--------- 2015/3xxx/CVE-2015-3478.json | 34 ++-- 2015/3xxx/CVE-2015-3753.json | 170 +++++++++--------- 2015/3xxx/CVE-2015-3867.json | 120 ++++++------- 2015/4xxx/CVE-2015-4122.json | 34 ++-- 2015/4xxx/CVE-2015-4400.json | 140 +++++++-------- 2015/6xxx/CVE-2015-6330.json | 120 ++++++------- 2015/7xxx/CVE-2015-7670.json | 140 +++++++-------- 2015/7xxx/CVE-2015-7680.json | 150 ++++++++-------- 2015/7xxx/CVE-2015-7684.json | 140 +++++++-------- 2015/7xxx/CVE-2015-7940.json | 310 ++++++++++++++++----------------- 2015/8xxx/CVE-2015-8286.json | 170 +++++++++--------- 2015/8xxx/CVE-2015-8303.json | 120 ++++++------- 2015/8xxx/CVE-2015-8424.json | 220 +++++++++++------------ 2015/8xxx/CVE-2015-8781.json | 250 +++++++++++++-------------- 2015/9xxx/CVE-2015-9064.json | 142 +++++++-------- 2016/0xxx/CVE-2016-0064.json | 130 +++++++------- 2016/0xxx/CVE-2016-0366.json | 130 +++++++------- 2016/0xxx/CVE-2016-0815.json | 140 +++++++-------- 2016/0xxx/CVE-2016-0890.json | 130 +++++++------- 2016/1xxx/CVE-2016-1071.json | 140 +++++++-------- 2016/1xxx/CVE-2016-1104.json | 190 ++++++++++---------- 2016/1xxx/CVE-2016-1229.json | 140 +++++++-------- 2016/1xxx/CVE-2016-1617.json | 230 ++++++++++++------------ 2016/1xxx/CVE-2016-1828.json | 210 +++++++++++----------- 2016/5xxx/CVE-2016-5481.json | 130 +++++++------- 2016/5xxx/CVE-2016-5564.json | 130 +++++++------- 2016/5xxx/CVE-2016-5834.json | 180 +++++++++---------- 2018/2xxx/CVE-2018-2516.json | 34 ++-- 2019/0xxx/CVE-2019-0278.json | 34 ++-- 2019/0xxx/CVE-2019-0518.json | 34 ++-- 2019/0xxx/CVE-2019-0783.json | 34 ++-- 2019/1xxx/CVE-2019-1071.json | 34 ++-- 2019/1xxx/CVE-2019-1258.json | 34 ++-- 2019/1xxx/CVE-2019-1614.json | 326 +++++++++++++++++------------------ 2019/1xxx/CVE-2019-1651.json | 178 +++++++++---------- 2019/4xxx/CVE-2019-4129.json | 34 ++-- 2019/4xxx/CVE-2019-4183.json | 34 ++-- 2019/4xxx/CVE-2019-4577.json | 34 ++-- 2019/4xxx/CVE-2019-4945.json | 34 ++-- 2019/5xxx/CVE-2019-5094.json | 34 ++-- 2019/5xxx/CVE-2019-5320.json | 34 ++-- 2019/5xxx/CVE-2019-5436.json | 34 ++-- 2019/5xxx/CVE-2019-5613.json | 34 ++-- 2019/5xxx/CVE-2019-5938.json | 34 ++-- 2019/9xxx/CVE-2019-9025.json | 120 ++++++------- 2019/9xxx/CVE-2019-9187.json | 34 ++-- 2019/9xxx/CVE-2019-9717.json | 34 ++-- 66 files changed, 4158 insertions(+), 4158 deletions(-) diff --git a/1999/0xxx/CVE-1999-0418.json b/1999/0xxx/CVE-1999-0418.json index 9ff1d0c683a..3b02cb18426 100644 --- a/1999/0xxx/CVE-1999-0418.json +++ b/1999/0xxx/CVE-1999-0418.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many \"RCPT TO\" commands in the same connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990308 SMTP server account probing", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92100018214316&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many \"RCPT TO\" commands in the same connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990308 SMTP server account probing", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92100018214316&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0820.json b/1999/0xxx/CVE-1999-0820.json index 7e972f5d389..f5f862f473b 100644 --- a/1999/0xxx/CVE-1999-0820.json +++ b/1999/0xxx/CVE-1999-0820.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/838" - }, - { - "name" : "5996", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/838" + }, + { + "name": "5996", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5996" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0978.json b/1999/0xxx/CVE-1999-0978.json index 08c62a14abd..235566fd8d7 100644 --- a/1999/0xxx/CVE-1999-0978.json +++ b/1999/0xxx/CVE-1999-0978.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "htdig allows remote attackers to execute commands via filenames with shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "htdig allows remote attackers to execute commands via filenames with shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/867" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1344.json b/1999/1xxx/CVE-1999-1344.json index 4d55a812a79..a91b7596352 100644 --- a/1999/1xxx/CVE-1999-1344.json +++ b/1999/1xxx/CVE-1999-1344.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991005 Auto_FTP v0.02 Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=93923873006014&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991005 Auto_FTP v0.02 Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=93923873006014&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0227.json b/2007/0xxx/CVE-2007-0227.json index 5d246c553aa..f48b36dd45e 100644 --- a/2007/0xxx/CVE-2007-0227.json +++ b/2007/0xxx/CVE-2007-0227.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070110 Re: slocate leaks filenames of protected directories", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456530/100/0/threaded" - }, - { - "name" : "20070110 slocate leaks filenames of protected directories", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456489/100/0/threaded" - }, - { - "name" : "20070111 Re: slocate leaks filenames of protected directories", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456593/100/0/threaded" - }, - { - "name" : "20070112 Re: slocate leaks filenames of protected directories", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456739/100/0/threaded" - }, - { - "name" : "20070329 FLEA-2007-0005-1: slocate", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464220/30/7320/threaded" - }, - { - "name" : "USN-425-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-425-1" - }, - { - "name" : "21989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21989" - }, - { - "name" : "33465", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33465", + "refsource": "OSVDB", + "url": "http://osvdb.org/33465" + }, + { + "name": "20070112 Re: slocate leaks filenames of protected directories", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456739/100/0/threaded" + }, + { + "name": "21989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21989" + }, + { + "name": "20070110 Re: slocate leaks filenames of protected directories", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456530/100/0/threaded" + }, + { + "name": "20070110 slocate leaks filenames of protected directories", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456489/100/0/threaded" + }, + { + "name": "20070111 Re: slocate leaks filenames of protected directories", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456593/100/0/threaded" + }, + { + "name": "20070329 FLEA-2007-0005-1: slocate", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464220/30/7320/threaded" + }, + { + "name": "USN-425-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-425-1" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0283.json b/2007/0xxx/CVE-2007-0283.json index c3770c40966..e216f10b34d 100644 --- a/2007/0xxx/CVE-2007-0283.json +++ b/2007/0xxx/CVE-2007-0283.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" - }, - { - "name" : "TA07-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" - }, - { - "name" : "22083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22083" - }, - { - "name" : "32896", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32896" - }, - { - "name" : "1017522", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017522" - }, - { - "name" : "23794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23794" - }, - { - "name" : "oracle-cpu-jan2007(31541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23794" + }, + { + "name": "22083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22083" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" + }, + { + "name": "32896", + "refsource": "OSVDB", + "url": "http://osvdb.org/32896" + }, + { + "name": "TA07-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" + }, + { + "name": "oracle-cpu-jan2007(31541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" + }, + { + "name": "1017522", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017522" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0343.json b/2007/0xxx/CVE-2007-0343.json index 8eda1c4c078..db7238e2f10 100644 --- a/2007/0xxx/CVE-2007-0343.json +++ b/2007/0xxx/CVE-2007-0343.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[3.9] 018: RELIABILITY FIX: January 16, 2007", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata39.html#icmp6" - }, - { - "name" : "[4.0] 008: RELIABILITY FIX: January 16, 2007", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#icmp6" - }, - { - "name" : "22087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22087" - }, - { - "name" : "32935", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32935" - }, - { - "name" : "1017518", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017518" - }, - { - "name" : "23830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017518", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017518" + }, + { + "name": "22087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22087" + }, + { + "name": "23830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23830" + }, + { + "name": "32935", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32935" + }, + { + "name": "[3.9] 018: RELIABILITY FIX: January 16, 2007", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata39.html#icmp6" + }, + { + "name": "[4.0] 008: RELIABILITY FIX: January 16, 2007", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#icmp6" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1181.json b/2007/1xxx/CVE-2007-1181.json index c4bb592af61..a0dd2272863 100644 --- a/2007/1xxx/CVE-2007-1181.json +++ b/2007/1xxx/CVE-2007-1181.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250" - }, - { - "name" : "22563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22563" - }, - { - "name" : "ADV-2007-0604", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0604" - }, - { - "name" : "33291", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33291" - }, - { - "name" : "24080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33291", + "refsource": "OSVDB", + "url": "http://osvdb.org/33291" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250" + }, + { + "name": "ADV-2007-0604", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0604" + }, + { + "name": "24080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24080" + }, + { + "name": "22563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22563" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1337.json b/2007/1xxx/CVE-2007-1337.json index 25c53968f2a..2f64ec95be5 100644 --- a/2007/1xxx/CVE-2007-1337.json +++ b/2007/1xxx/CVE-2007-1337.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070507 VMSA-2007-0004 Multiple Denial-of-Service issues fixed", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/467936/30/6690/threaded" - }, - { - "name" : "20070518 VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469011/30/6510/threaded" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554" - }, - { - "name" : "23732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23732" - }, - { - "name" : "ADV-2007-1592", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1592" - }, - { - "name" : "35508", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35508" - }, - { - "name" : "1018011", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018011" - }, - { - "name" : "25079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25079" - }, - { - "name" : "vmware-acpi-unspecified(33990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vmware-acpi-unspecified(33990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33990" + }, + { + "name": "23732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23732" + }, + { + "name": "ADV-2007-1592", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1592" + }, + { + "name": "35508", + "refsource": "OSVDB", + "url": "http://osvdb.org/35508" + }, + { + "name": "20070518 VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469011/30/6510/threaded" + }, + { + "name": "25079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25079" + }, + { + "name": "1018011", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018011" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554" + }, + { + "name": "20070507 VMSA-2007-0004 Multiple Denial-of-Service issues fixed", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/467936/30/6690/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1465.json b/2007/1xxx/CVE-2007-1465.json index 33d03c41a2f..ee89622cea2 100644 --- a/2007/1xxx/CVE-2007-1465.json +++ b/2007/1xxx/CVE-2007-1465.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070323 dproxy - arbitrary code execution through stack buffer overflow vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2007/Mar/0409.html" - }, - { - "name" : "https://www.cynops.de/advisories/CVE-2007-1465.txt", - "refsource" : "MISC", - "url" : "https://www.cynops.de/advisories/CVE-2007-1465.txt" - }, - { - "name" : "23112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23112" - }, - { - "name" : "ADV-2007-1091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1091" - }, - { - "name" : "34449", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34449" - }, - { - "name" : "24623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24623" - }, - { - "name" : "dproxy-udp-packet-bo(33171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24623" + }, + { + "name": "20070323 dproxy - arbitrary code execution through stack buffer overflow vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2007/Mar/0409.html" + }, + { + "name": "https://www.cynops.de/advisories/CVE-2007-1465.txt", + "refsource": "MISC", + "url": "https://www.cynops.de/advisories/CVE-2007-1465.txt" + }, + { + "name": "dproxy-udp-packet-bo(33171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33171" + }, + { + "name": "23112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23112" + }, + { + "name": "34449", + "refsource": "OSVDB", + "url": "http://osvdb.org/34449" + }, + { + "name": "ADV-2007-1091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1091" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1548.json b/2007/1xxx/CVE-2007-1548.json index 8b5b7e977bb..7b8e4b0b3a3 100644 --- a/2007/1xxx/CVE-2007-1548.json +++ b/2007/1xxx/CVE-2007-1548.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"' (backslash double-quote quote) sequences, which are collapsed into \\'', as demonstrated via the name parameter to forum/pop_up_member_search.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463287/100/0/threaded" - }, - { - "name" : "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html", - "refsource" : "MISC", - "url" : "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html" - }, - { - "name" : "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt", - "refsource" : "CONFIRM", - "url" : "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt" - }, - { - "name" : "23051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23051" - }, - { - "name" : "ADV-2007-1061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1061" - }, - { - "name" : "34344", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34344" - }, - { - "name" : "24561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24561" - }, - { - "name" : "2456", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2456" - }, - { - "name" : "webwizforums-popupmember-sql-injection(33095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \\\"' (backslash double-quote quote) sequences, which are collapsed into \\'', as demonstrated via the name parameter to forum/pop_up_member_search.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23051" + }, + { + "name": "24561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24561" + }, + { + "name": "ADV-2007-1061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1061" + }, + { + "name": "webwizforums-popupmember-sql-injection(33095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33095" + }, + { + "name": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt", + "refsource": "CONFIRM", + "url": "http://www.webwizguide.info/web_wiz_forums/Version%20History.txt" + }, + { + "name": "20070320 Web Wiz Forums 8.05 (MySQL version) SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463287/100/0/threaded" + }, + { + "name": "2456", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2456" + }, + { + "name": "34344", + "refsource": "OSVDB", + "url": "http://osvdb.org/34344" + }, + { + "name": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html", + "refsource": "MISC", + "url": "http://ifsec.blogspot.com/2007/03/web-wiz-forums-805-mysql-version-sql.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1631.json b/2007/1xxx/CVE-2007-1631.json index 24fffbc768c..106cca6e07a 100644 --- a/2007/1xxx/CVE-2007-1631.json +++ b/2007/1xxx/CVE-2007-1631.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070317 CLBOX <= (signup.php header) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463076/100/0/threaded" - }, - { - "name" : "20070319 Bogus - [CLBOX <= (signup.php header) Remote File Include Vulnerability]", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-March/001443.html" - }, - { - "name" : "33503", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33503" - }, - { - "name" : "2469", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070317 CLBOX <= (signup.php header) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463076/100/0/threaded" + }, + { + "name": "33503", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33503" + }, + { + "name": "20070319 Bogus - [CLBOX <= (signup.php header) Remote File Include Vulnerability]", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-March/001443.html" + }, + { + "name": "2469", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2469" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1746.json b/2007/1xxx/CVE-2007-1746.json index 16ecad750ce..be6a3d58be8 100644 --- a/2007/1xxx/CVE-2007-1746.json +++ b/2007/1xxx/CVE-2007-1746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1746", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1746", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1903.json b/2007/1xxx/CVE-2007-1903.json index 9e7405bc514..c08b7197767 100644 --- a/2007/1xxx/CVE-2007-1903.json +++ b/2007/1xxx/CVE-2007-1903.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070514 SonicBB version 1.0 XSS Attack Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468537/100/0/threaded" - }, - { - "name" : "20070514 SonicBB version 1.0 XSS Attack Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=117914615830702&w=2" - }, - { - "name" : "http://www.netvigilance.com/advisory0020", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0020" - }, - { - "name" : "23963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23963" - }, - { - "name" : "ADV-2007-1816", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1816" - }, - { - "name" : "34042", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34042" - }, - { - "name" : "25279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25279" - }, - { - "name" : "sonicbb-search-xss(34256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070514 SonicBB version 1.0 XSS Attack Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=117914615830702&w=2" + }, + { + "name": "20070514 SonicBB version 1.0 XSS Attack Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468537/100/0/threaded" + }, + { + "name": "sonicbb-search-xss(34256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34256" + }, + { + "name": "ADV-2007-1816", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1816" + }, + { + "name": "25279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25279" + }, + { + "name": "34042", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34042" + }, + { + "name": "http://www.netvigilance.com/advisory0020", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0020" + }, + { + "name": "23963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23963" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5241.json b/2007/5xxx/CVE-2007-5241.json index 2f6ae29032d..d7d364dddcc 100644 --- a/2007/5xxx/CVE-2007-5241.json +++ b/2007/5xxx/CVE-2007-5241.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the \"MCR MCL SHOW CSMA-CD Port * All\" command, which overwrites a Non-Paged Pool Packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openvms-alerts] 20071003 VMS83A_LAN-V0200, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/582.html" - }, - { - "name" : "[openvms-alerts] 20071003 VMS83I_LAN-V0600, ECO Kit Release", - "refsource" : "MLIST", - "url" : "http://mail.openvms.org:8100/Lists/alerts/Message/583.html" - }, - { - "name" : "25939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25939" - }, - { - "name" : "ADV-2007-3382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3382" - }, - { - "name" : "37811", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37811" - }, - { - "name" : "27084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the \"MCR MCL SHOW CSMA-CD Port * All\" command, which overwrites a Non-Paged Pool Packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37811", + "refsource": "OSVDB", + "url": "http://osvdb.org/37811" + }, + { + "name": "25939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25939" + }, + { + "name": "27084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27084" + }, + { + "name": "[openvms-alerts] 20071003 VMS83I_LAN-V0600, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/583.html" + }, + { + "name": "ADV-2007-3382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3382" + }, + { + "name": "[openvms-alerts] 20071003 VMS83A_LAN-V0200, ECO Kit Release", + "refsource": "MLIST", + "url": "http://mail.openvms.org:8100/Lists/alerts/Message/582.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5280.json b/2007/5xxx/CVE-2007-5280.json index 89411a1fb47..a34076481e9 100644 --- a/2007/5xxx/CVE-2007-5280.json +++ b/2007/5xxx/CVE-2007-5280.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://appfuse.org/display/APF/Release+Notes+2.0", - "refsource" : "CONFIRM", - "url" : "http://appfuse.org/display/APF/Release+Notes+2.0" - }, - { - "name" : "http://issues.appfuse.org/browse/APF-880", - "refsource" : "CONFIRM", - "url" : "http://issues.appfuse.org/browse/APF-880" - }, - { - "name" : "25927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25927" - }, - { - "name" : "37423", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37423" - }, - { - "name" : "27041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://appfuse.org/display/APF/Release+Notes+2.0", + "refsource": "CONFIRM", + "url": "http://appfuse.org/display/APF/Release+Notes+2.0" + }, + { + "name": "27041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27041" + }, + { + "name": "37423", + "refsource": "OSVDB", + "url": "http://osvdb.org/37423" + }, + { + "name": "http://issues.appfuse.org/browse/APF-880", + "refsource": "CONFIRM", + "url": "http://issues.appfuse.org/browse/APF-880" + }, + { + "name": "25927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25927" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5822.json b/2007/5xxx/CVE-2007-5822.json index f6d4955de9f..2e141b5c16b 100644 --- a/2007/5xxx/CVE-2007-5822.json +++ b/2007/5xxx/CVE-2007-5822.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071101 Scribe <= 2.0 Remote PHP Code Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483183/100/0/threaded" - }, - { - "name" : "4596", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4596" - }, - { - "name" : "http://www.inj3ct-it.org/exploit/scribe.txt", - "refsource" : "MISC", - "url" : "http://www.inj3ct-it.org/exploit/scribe.txt" - }, - { - "name" : "26302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26302" - }, - { - "name" : "ADV-2007-3746", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3746" - }, - { - "name" : "45287", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45287" - }, - { - "name" : "3339", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3339" - }, - { - "name" : "scribe-username-code-execution(38227)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4596", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4596" + }, + { + "name": "20071101 Scribe <= 2.0 Remote PHP Code Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483183/100/0/threaded" + }, + { + "name": "scribe-username-code-execution(38227)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38227" + }, + { + "name": "45287", + "refsource": "OSVDB", + "url": "http://osvdb.org/45287" + }, + { + "name": "ADV-2007-3746", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3746" + }, + { + "name": "http://www.inj3ct-it.org/exploit/scribe.txt", + "refsource": "MISC", + "url": "http://www.inj3ct-it.org/exploit/scribe.txt" + }, + { + "name": "26302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26302" + }, + { + "name": "3339", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3339" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3055.json b/2015/3xxx/CVE-2015-3055.json index 3af821d224d..ffae307639e 100644 --- a/2015/3xxx/CVE-2015-3055.json +++ b/2015/3xxx/CVE-2015-3055.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-213", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-213" - }, - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html" - }, - { - "name" : "74602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74602" - }, - { - "name" : "1032284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-213", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-213" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-10.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html" + }, + { + "name": "1032284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032284" + }, + { + "name": "74602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74602" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3234.json b/2015/3xxx/CVE-2015-3234.json index 4c901779a2a..0abced50e10 100644 --- a/2015/3xxx/CVE-2015-3234.json +++ b/2015/3xxx/CVE-2015-3234.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/SA-CORE-2015-002", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2015-002" - }, - { - "name" : "DSA-3291", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3291" - }, - { - "name" : "FEDORA-2015-10189", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html" - }, - { - "name" : "FEDORA-2015-10290", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html" - }, - { - "name" : "75294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-10189", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html" + }, + { + "name": "75294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75294" + }, + { + "name": "DSA-3291", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3291" + }, + { + "name": "FEDORA-2015-10290", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html" + }, + { + "name": "https://www.drupal.org/SA-CORE-2015-002", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2015-002" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3478.json b/2015/3xxx/CVE-2015-3478.json index 733c8088958..0ff5117944e 100644 --- a/2015/3xxx/CVE-2015-3478.json +++ b/2015/3xxx/CVE-2015-3478.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3753.json b/2015/3xxx/CVE-2015-3753.json index 299fa6a7478..6b882aeb8ab 100644 --- a/2015/3xxx/CVE-2015-3753.json +++ b/2015/3xxx/CVE-2015-3753.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205033", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205033" - }, - { - "name" : "APPLE-SA-2015-08-13-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76341" - }, - { - "name" : "1033274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033274" + }, + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "76341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76341" + }, + { + "name": "APPLE-SA-2015-08-13-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html" + }, + { + "name": "https://support.apple.com/kb/HT205033", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205033" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3867.json b/2015/3xxx/CVE-2015-3867.json index b6fe54ddbaa..e01a0093066 100644 --- a/2015/3xxx/CVE-2015-3867.json +++ b/2015/3xxx/CVE-2015-3867.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-3867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4122.json b/2015/4xxx/CVE-2015-4122.json index 3c563d6e8aa..80f821965e2 100644 --- a/2015/4xxx/CVE-2015-4122.json +++ b/2015/4xxx/CVE-2015-4122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4400.json b/2015/4xxx/CVE-2015-4400.json index 0d6fbfa52ef..35624889519 100644 --- a/2015/4xxx/CVE-2015-4400.json +++ b/2015/4xxx/CVE-2015-4400.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", - "refsource" : "MISC", - "url" : "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell" - }, - { - "name" : "https://fortiguard.com/zeroday/FG-VD-15-021", - "refsource" : "MISC", - "url" : "https://fortiguard.com/zeroday/FG-VD-15-021" - }, - { - "name" : "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", - "refsource" : "MISC", - "url" : "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/zeroday/FG-VD-15-021", + "refsource": "MISC", + "url": "https://fortiguard.com/zeroday/FG-VD-15-021" + }, + { + "name": "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", + "refsource": "MISC", + "url": "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/" + }, + { + "name": "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", + "refsource": "MISC", + "url": "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6330.json b/2015/6xxx/CVE-2015-6330.json index 5f699c8a8aa..46bd399f24e 100644 --- a/2015/6xxx/CVE-2015-6330.json +++ b/2015/6xxx/CVE-2015-6330.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151116 Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151116 Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7670.json b/2015/7xxx/CVE-2015-7670.json index 839a83f117f..8cbb22dad5f 100644 --- a/2015/7xxx/CVE-2015-7670.json +++ b/2015/7xxx/CVE-2015-7670.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151006 [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536624/100/0/threaded" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8207", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8207" - }, - { - "name" : "https://wordpress.org/plugins/simple-support-ticket-system/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/simple-support-ticket-system/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/simple-support-ticket-system/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/simple-support-ticket-system/#developers" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8207", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8207" + }, + { + "name": "20151006 [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536624/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7680.json b/2015/7xxx/CVE-2015-7680.json index ca1c028dd36..59d0e7efa7a 100644 --- a/2015/7xxx/CVE-2015-7680.json +++ b/2015/7xxx/CVE-2015-7680.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160127 Multiple security issues in MOVEit Managed File Transfer application", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jan/95" - }, - { - "name" : "http://packetstormsecurity.com/files/135462/Ipswitch-MOVEit-DMZ-8.1-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135462/Ipswitch-MOVEit-DMZ-8.1-Information-Disclosure.html" - }, - { - "name" : "https://profundis-labs.com/advisories/CVE-2015-7680.txt", - "refsource" : "MISC", - "url" : "https://profundis-labs.com/advisories/CVE-2015-7680.txt" - }, - { - "name" : "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", - "refsource" : "CONFIRM", - "url" : "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160127 Multiple security issues in MOVEit Managed File Transfer application", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jan/95" + }, + { + "name": "https://profundis-labs.com/advisories/CVE-2015-7680.txt", + "refsource": "MISC", + "url": "https://profundis-labs.com/advisories/CVE-2015-7680.txt" + }, + { + "name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", + "refsource": "CONFIRM", + "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" + }, + { + "name": "http://packetstormsecurity.com/files/135462/Ipswitch-MOVEit-DMZ-8.1-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135462/Ipswitch-MOVEit-DMZ-8.1-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7684.json b/2015/7xxx/CVE-2015-7684.json index 49c959ca4ff..8479265bc62 100644 --- a/2015/7xxx/CVE-2015-7684.json +++ b/2015/7xxx/CVE-2015-7684.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150217 [CVE-REQUEST] Multiple vulnerabilities on GLPI", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/71" - }, - { - "name" : "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338", - "refsource" : "CONFIRM", - "url" : "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338" - }, - { - "name" : "https://forge.glpi-project.org/issues/5217", - "refsource" : "CONFIRM", - "url" : "https://forge.glpi-project.org/issues/5217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150217 [CVE-REQUEST] Multiple vulnerabilities on GLPI", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/71" + }, + { + "name": "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338", + "refsource": "CONFIRM", + "url": "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338" + }, + { + "name": "https://forge.glpi-project.org/issues/5217", + "refsource": "CONFIRM", + "url": "https://forge.glpi-project.org/issues/5217" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7940.json b/2015/7xxx/CVE-2015-7940.json index e5f84067b8c..5b2471ae7bc 100644 --- a/2015/7xxx/CVE-2015-7940.json +++ b/2015/7xxx/CVE-2015-7940.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/22/7" - }, - { - "name" : "[oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/22/9" - }, - { - "name" : "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html", - "refsource" : "MISC", - "url" : "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-3417", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3417" - }, - { - "name" : "FEDORA-2015-7d95466eda", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html" - }, - { - "name" : "RHSA-2016:2035", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2035.html" - }, - { - "name" : "RHSA-2016:2036", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2036.html" - }, - { - "name" : "openSUSE-SU-2015:1911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html" - }, - { - "name" : "USN-3727-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3727-1/" - }, - { - "name" : "79091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79091" - }, - { - "name" : "1037036", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037036" - }, - { - "name" : "1037046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037046" - }, - { - "name" : "1037053", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2035", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "79091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79091" + }, + { + "name": "openSUSE-SU-2015:1911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html" + }, + { + "name": "FEDORA-2015-7d95466eda", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "RHSA-2016:2036", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "USN-3727-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3727-1/" + }, + { + "name": "[oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/22/9" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "1037036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037036" + }, + { + "name": "[oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/22/7" + }, + { + "name": "DSA-3417", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3417" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html", + "refsource": "MISC", + "url": "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html" + }, + { + "name": "1037046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037046" + }, + { + "name": "1037053", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037053" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8286.json b/2015/8xxx/CVE-2015-8286.json index dabbad21262..682ecb34189 100644 --- a/2015/8xxx/CVE-2015-8286.json +++ b/2015/8xxx/CVE-2015-8286.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-8286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Jun/117" - }, - { - "name" : "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html", - "refsource" : "MISC", - "url" : "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html" - }, - { - "name" : "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/", - "refsource" : "MISC", - "url" : "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/" - }, - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root" - }, - { - "name" : "VU#899080", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/899080" - }, - { - "name" : "VU#923388", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/923388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/", + "refsource": "MISC", + "url": "http://www.forbes.com/sites/andygreenberg/2013/01/28/more-than-a-dozen-brands-of-security-camera-systems-vulnerable-to-hacker-hijacking/" + }, + { + "name": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html", + "refsource": "MISC", + "url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html" + }, + { + "name": "VU#899080", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/899080" + }, + { + "name": "VU#923388", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/923388" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/23/ray-sharp-cctv-dvr-password-retrieval-remote-root" + }, + { + "name": "20150625 CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Jun/117" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8303.json b/2015/8xxx/CVE-2015-8303.json index 5b2247833f9..0d7def1cc00 100644 --- a/2015/8xxx/CVE-2015-8303.json +++ b/2015/8xxx/CVE-2015-8303.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462410.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462410.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462410.htm", + "refsource": "CONFIRM", + "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462410.htm" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8424.json b/2015/8xxx/CVE-2015-8424.json index 14d3aeb470e..5fbc88258fb 100644 --- a/2015/8xxx/CVE-2015-8424.json +++ b/2015/8xxx/CVE-2015-8424.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39048", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39048/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "39048", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39048/" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8781.json b/2015/8xxx/CVE-2015-8781.json index 91d2ab30145..221699fb70c 100644 --- a/2015/8xxx/CVE-2015-8781.json +++ b/2015/8xxx/CVE-2015-8781.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-8781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/24/3" - }, - { - "name" : "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/24/7" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3467", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3467" - }, - { - "name" : "GLSA-201701-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-16" - }, - { - "name" : "RHSA-2016:1546", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html" - }, - { - "name" : "RHSA-2016:1547", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html" - }, - { - "name" : "openSUSE-SU-2016:0405", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html" - }, - { - "name" : "openSUSE-SU-2016:0414", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html" - }, - { - "name" : "USN-2939-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2939-1" - }, - { - "name" : "81730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "openSUSE-SU-2016:0414", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html" + }, + { + "name": "RHSA-2016:1547", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "81730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81730" + }, + { + "name": "openSUSE-SU-2016:0405", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html" + }, + { + "name": "USN-2939-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2939-1" + }, + { + "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7" + }, + { + "name": "GLSA-201701-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-16" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "RHSA-2016:1546", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html" + }, + { + "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3" + }, + { + "name": "DSA-3467", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3467" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9064.json b/2015/9xxx/CVE-2015-9064.json index b2bfe6afafd..1504bf59d21 100644 --- a/2015/9xxx/CVE-2015-9064.json +++ b/2015/9xxx/CVE-2015-9064.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in LTE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in LTE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0064.json b/2016/0xxx/CVE-2016-0064.json index 6244058f93f..06bcb8b7997 100644 --- a/2016/0xxx/CVE-2016-0064.json +++ b/2016/0xxx/CVE-2016-0064.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009" - }, - { - "name" : "1034971", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034971", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034971" + }, + { + "name": "MS16-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0366.json b/2016/0xxx/CVE-2016-0366.json index 1d9529afe7a..5b4579f10e6 100644 --- a/2016/0xxx/CVE-2016-0366.json +++ b/2016/0xxx/CVE-2016-0366.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986260", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21986260" - }, - { - "name" : "ibm-sim-cve20160366-weak-security(112071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/112071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260" + }, + { + "name": "ibm-sim-cve20160366-weak-security(112071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/112071" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0815.json b/2016/0xxx/CVE-2016-0815.json index 056702fc754..db3ae9cead1 100644 --- a/2016/0xxx/CVE-2016-0815.json +++ b/2016/0xxx/CVE-2016-0815.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-03-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-03-01.html" - }, - { - "name" : "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb" - }, - { - "name" : "84235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb" + }, + { + "name": "84235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84235" + }, + { + "name": "http://source.android.com/security/bulletin/2016-03-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-03-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0890.json b/2016/0xxx/CVE-2016-0890.json index 628258d6ea4..20492cf9a31 100644 --- a/2016/0xxx/CVE-2016-0890.json +++ b/2016/0xxx/CVE-2016-0890.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC PowerPath Virtual (Management) Appliance EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1", - "version" : { - "version_data" : [ - { - "version_value" : "EMC PowerPath Virtual (Management) Appliance EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC PowerPath Virtual (Management) Appliance EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1", + "version": { + "version_data": [ + { + "version_value": "EMC PowerPath Virtual (Management) Appliance EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540065/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540065/30/0/threaded" - }, - { - "name" : "95832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95832" + }, + { + "name": "http://www.securityfocus.com/archive/1/540065/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540065/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1071.json b/2016/1xxx/CVE-2016-1071.json index f5aaa58d2a3..9f6f2388989 100644 --- a/2016/1xxx/CVE-2016-1071.json +++ b/2016/1xxx/CVE-2016-1071.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-1071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-319", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-319" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" - }, - { - "name" : "1035828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-319", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-319" + }, + { + "name": "1035828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035828" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1104.json b/2016/1xxx/CVE-2016-1104.json index 7afad8bb849..edcbfaa88ca 100644 --- a/2016/1xxx/CVE-2016-1104.json +++ b/2016/1xxx/CVE-2016-1104.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39825", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39825/" - }, - { - "name" : "http://packetstormsecurity.com/files/137055/Adobe-Flash-Object-Placing-Out-Of-Bounds-Read.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137055/Adobe-Flash-Object-Placing-Out-Of-Bounds-Read.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "MS16-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "SUSE-SU-2016:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" - }, - { - "name" : "90618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90618" - }, - { - "name" : "1035827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/137055/Adobe-Flash-Object-Placing-Out-Of-Bounds-Read.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137055/Adobe-Flash-Object-Placing-Out-Of-Bounds-Read.html" + }, + { + "name": "SUSE-SU-2016:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" + }, + { + "name": "90618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90618" + }, + { + "name": "1035827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035827" + }, + { + "name": "39825", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39825/" + }, + { + "name": "MS16-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1229.json b/2016/1xxx/CVE-2016-1229.json index ac813d6ed26..e7070a46a30 100644 --- a/2016/1xxx/CVE-2016-1229.json +++ b/2016/1xxx/CVE-2016-1229.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3", - "refsource" : "CONFIRM", - "url" : "https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3" - }, - { - "name" : "JVN#56167268", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN56167268/index.html" - }, - { - "name" : "JVNDB-2016-000068", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000068", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000068" + }, + { + "name": "JVN#56167268", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN56167268/index.html" + }, + { + "name": "https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3", + "refsource": "CONFIRM", + "url": "https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1617.json b/2016/1xxx/CVE-2016-1617.json index 72619572abd..d88024ef1ee 100644 --- a/2016/1xxx/CVE-2016-1617.json +++ b/2016/1xxx/CVE-2016-1617.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=544765", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=544765" - }, - { - "name" : "https://codereview.chromium.org/1455973003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1455973003" - }, - { - "name" : "DSA-3456", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3456" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2016:0072", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0072.html" - }, - { - "name" : "openSUSE-SU-2016:0249", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:0250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html" - }, - { - "name" : "openSUSE-SU-2016:0271", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html" - }, - { - "name" : "USN-2877-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2877-1" - }, - { - "name" : "81430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81430" - }, - { - "name" : "1034801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81430" + }, + { + "name": "RHSA-2016:0072", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html" + }, + { + "name": "https://codereview.chromium.org/1455973003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1455973003" + }, + { + "name": "USN-2877-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2877-1" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html" + }, + { + "name": "1034801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034801" + }, + { + "name": "openSUSE-SU-2016:0249", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "openSUSE-SU-2016:0271", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html" + }, + { + "name": "DSA-3456", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3456" + }, + { + "name": "openSUSE-SU-2016:0250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=544765", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=544765" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1828.json b/2016/1xxx/CVE-2016-1828.json index 76a4d5d7024..5a876a68a4d 100644 --- a/2016/1xxx/CVE-2016-1828.json +++ b/2016/1xxx/CVE-2016-1828.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206564", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206564" - }, - { - "name" : "https://support.apple.com/HT206566", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206566" - }, - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "https://support.apple.com/HT206568", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206568" - }, - { - "name" : "APPLE-SA-2016-05-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2016-05-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2016-05-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "90691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90691" - }, - { - "name" : "1035890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "90691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90691" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "https://support.apple.com/HT206566", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206566" + }, + { + "name": "APPLE-SA-2016-05-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html" + }, + { + "name": "https://support.apple.com/HT206564", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206564" + }, + { + "name": "1035890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035890" + }, + { + "name": "APPLE-SA-2016-05-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" + }, + { + "name": "https://support.apple.com/HT206568", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206568" + }, + { + "name": "APPLE-SA-2016-05-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5481.json b/2016/5xxx/CVE-2016-5481.json index 723688df35e..7eeb2533726 100644 --- a/2016/5xxx/CVE-2016-5481.json +++ b/2016/5xxx/CVE-2016-5481.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93705" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5564.json b/2016/5xxx/CVE-2016-5564.json index ebd11bc9722..b7816d3f65c 100644 --- a/2016/5xxx/CVE-2016-5564.json +++ b/2016/5xxx/CVE-2016-5564.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to OPERA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "93765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to OPERA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93765" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5834.json b/2016/5xxx/CVE-2016-5834.json index 03b77cc22fe..e7bd67a69e4 100644 --- a/2016/5xxx/CVE-2016-5834.json +++ b/2016/5xxx/CVE-2016-5834.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-5834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/8518", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8518" - }, - { - "name" : "https://codex.wordpress.org/Version_4.5.3", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.5.3" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648" - }, - { - "name" : "https://wordpress.org/news/2016/06/wordpress-4-5-3/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2016/06/wordpress-4-5-3/" - }, - { - "name" : "DSA-3639", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3639" - }, - { - "name" : "91368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91368" - }, - { - "name" : "1036163", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/news/2016/06/wordpress-4-5-3/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2016/06/wordpress-4-5-3/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8518", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8518" + }, + { + "name": "https://codex.wordpress.org/Version_4.5.3", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.5.3" + }, + { + "name": "1036163", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036163" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648" + }, + { + "name": "91368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91368" + }, + { + "name": "DSA-3639", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3639" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2516.json b/2018/2xxx/CVE-2018-2516.json index 200fb269c3d..2a48eabbdc3 100644 --- a/2018/2xxx/CVE-2018-2516.json +++ b/2018/2xxx/CVE-2018-2516.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0278.json b/2019/0xxx/CVE-2019-0278.json index 52b3fad3e94..696a4649970 100644 --- a/2019/0xxx/CVE-2019-0278.json +++ b/2019/0xxx/CVE-2019-0278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0518.json b/2019/0xxx/CVE-2019-0518.json index 82c46f9591f..f6ccfb9889c 100644 --- a/2019/0xxx/CVE-2019-0518.json +++ b/2019/0xxx/CVE-2019-0518.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0518", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0518", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0783.json b/2019/0xxx/CVE-2019-0783.json index cb3279d522f..763dc652500 100644 --- a/2019/0xxx/CVE-2019-0783.json +++ b/2019/0xxx/CVE-2019-0783.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1071.json b/2019/1xxx/CVE-2019-1071.json index 865e63c3798..393ded6d988 100644 --- a/2019/1xxx/CVE-2019-1071.json +++ b/2019/1xxx/CVE-2019-1071.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1071", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1071", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1258.json b/2019/1xxx/CVE-2019-1258.json index 517dee4a644..361ae343f83 100644 --- a/2019/1xxx/CVE-2019-1258.json +++ b/2019/1xxx/CVE-2019-1258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1614.json b/2019/1xxx/CVE-2019-1614.json index 50462c6d60d..64dd687e243 100644 --- a/2019/1xxx/CVE-2019-1614.json +++ b/2019/1xxx/CVE-2019-1614.json @@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-03-06T16:00:00-0800", - "ID" : "CVE-2019-1614", - "STATE" : "PUBLIC", - "TITLE" : "Cisco NX-OS Software NX-API Command Injection Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MDS 9000 Series Multilayer Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "8.1(1b)" - }, - { - "affected" : "<", - "version_value" : "8.2(3)" - } - ] - } - }, - { - "product_name" : "Nexus 3000 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I4(9)" - }, - { - "affected" : "<", - "version_value" : "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name" : "Nexus 3500 Platform Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name" : "Nexus 2000, 5500, 5600, and 6000 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.3(4)N1(1)" - } - ] - } - }, - { - "product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.0(3)I4(9)" - }, - { - "affected" : "<", - "version_value" : "7.0(3)I7(4)" - } - ] - } - }, - { - "product_name" : "Nexus 7000 and 7700 Series Switches", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "7.3(3)D1(1)" - }, - { - "affected" : "<", - "version_value" : "8.2(3)" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges. Note: NX-API is disabled by default. MDS 9000 Series Multilayer Switches are affected running software versions prior to 8.1(1b) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.3(4)N1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 7.3(3)D1(1) and 8.2(3)." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "8.8", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-03-06T16:00:00-0800", + "ID": "CVE-2019-1614", + "STATE": "PUBLIC", + "TITLE": "Cisco NX-OS Software NX-API Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MDS 9000 Series Multilayer Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "8.1(1b)" + }, + { + "affected": "<", + "version_value": "8.2(3)" + } + ] + } + }, + { + "product_name": "Nexus 3000 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I4(9)" + }, + { + "affected": "<", + "version_value": "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name": "Nexus 3500 Platform Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.3(4)N1(1)" + } + ] + } + }, + { + "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.0(3)I4(9)" + }, + { + "affected": "<", + "version_value": "7.0(3)I7(4)" + } + ] + } + }, + { + "product_name": "Nexus 7000 and 7700 Series Switches", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "7.3(3)D1(1)" + }, + { + "affected": "<", + "version_value": "8.2(3)" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190306 Cisco NX-OS Software NX-API Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj" - }, - { - "name" : "107339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107339" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190306-nxos-NXAPI-cmdinj", - "defect" : [ - [ - "CSCvj17615", - "CSCvk51420", - "CSCvk51423" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges. Note: NX-API is disabled by default. MDS 9000 Series Multilayer Switches are affected running software versions prior to 8.1(1b) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.3(4)N1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 7.3(3)D1(1) and 8.2(3)." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107339" + }, + { + "name": "20190306 Cisco NX-OS Software NX-API Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190306-nxos-NXAPI-cmdinj", + "defect": [ + [ + "CSCvj17615", + "CSCvk51420", + "CSCvk51423" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1651.json b/2019/1xxx/CVE-2019-1651.json index c064d6f39d7..903e4e0b6d1 100644 --- a/2019/1xxx/CVE-2019-1651.json +++ b/2019/1xxx/CVE-2019-1651.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-23T16:00:00-0800", - "ID" : "CVE-2019-1651", - "STATE" : "PUBLIC", - "TITLE" : "Cisco SD-WAN Solution Buffer Overflow Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco SD-WAN Solution ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "9.9", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-23T16:00:00-0800", + "ID": "CVE-2019-1651", + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN Solution Buffer Overflow Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190123 Cisco SD-WAN Solution Buffer Overflow Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo" - }, - { - "name" : "106703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106703" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190123-sdwan-bo", - "defect" : [ - [ - "CSCvm25955" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "9.9", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106703" + }, + { + "name": "20190123 Cisco SD-WAN Solution Buffer Overflow Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190123-sdwan-bo", + "defect": [ + [ + "CSCvm25955" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4129.json b/2019/4xxx/CVE-2019-4129.json index 76ac8ca8d0a..9425e0b740d 100644 --- a/2019/4xxx/CVE-2019-4129.json +++ b/2019/4xxx/CVE-2019-4129.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4129", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4129", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4183.json b/2019/4xxx/CVE-2019-4183.json index e165c211f5d..98c6c274637 100644 --- a/2019/4xxx/CVE-2019-4183.json +++ b/2019/4xxx/CVE-2019-4183.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4183", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4577.json b/2019/4xxx/CVE-2019-4577.json index 86ef28a7998..2f4b0e06f11 100644 --- a/2019/4xxx/CVE-2019-4577.json +++ b/2019/4xxx/CVE-2019-4577.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4577", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4577", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4945.json b/2019/4xxx/CVE-2019-4945.json index d541456a400..5b10810187f 100644 --- a/2019/4xxx/CVE-2019-4945.json +++ b/2019/4xxx/CVE-2019-4945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5094.json b/2019/5xxx/CVE-2019-5094.json index 93d4fbbb619..44e04ed7b08 100644 --- a/2019/5xxx/CVE-2019-5094.json +++ b/2019/5xxx/CVE-2019-5094.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5320.json b/2019/5xxx/CVE-2019-5320.json index 87070e15239..f422cbbbf02 100644 --- a/2019/5xxx/CVE-2019-5320.json +++ b/2019/5xxx/CVE-2019-5320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5436.json b/2019/5xxx/CVE-2019-5436.json index 85e50896326..1c40a2aa8a6 100644 --- a/2019/5xxx/CVE-2019-5436.json +++ b/2019/5xxx/CVE-2019-5436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5436", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5436", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5613.json b/2019/5xxx/CVE-2019-5613.json index d8153ee1cf3..b87a2e3cca9 100644 --- a/2019/5xxx/CVE-2019-5613.json +++ b/2019/5xxx/CVE-2019-5613.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5613", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5613", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5938.json b/2019/5xxx/CVE-2019-5938.json index 2ee35697128..7bb6d755dc1 100644 --- a/2019/5xxx/CVE-2019-5938.json +++ b/2019/5xxx/CVE-2019-5938.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5938", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5938", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9025.json b/2019/9xxx/CVE-2019-9025.json index f659d8c0598..36b5e5c1694 100644 --- a/2019/9xxx/CVE-2019-9025.json +++ b/2019/9xxx/CVE-2019-9025.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=77367", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/bug.php?id=77367", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77367" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9187.json b/2019/9xxx/CVE-2019-9187.json index 6e6fcde07fd..af4e80595d3 100644 --- a/2019/9xxx/CVE-2019-9187.json +++ b/2019/9xxx/CVE-2019-9187.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9187", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9717.json b/2019/9xxx/CVE-2019-9717.json index 216ca7ddc64..7c47f9af71a 100644 --- a/2019/9xxx/CVE-2019-9717.json +++ b/2019/9xxx/CVE-2019-9717.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file