From 4137ea2631f2ad8d1b4a06184cfa4bf27d59d2d5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:11:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0006.json | 310 ++++++++++----------- 2007/0xxx/CVE-2007-0798.json | 190 ++++++------- 2007/0xxx/CVE-2007-0965.json | 150 +++++----- 2007/0xxx/CVE-2007-0979.json | 160 +++++------ 2007/1xxx/CVE-2007-1823.json | 130 ++++----- 2007/3xxx/CVE-2007-3595.json | 34 +-- 2007/3xxx/CVE-2007-3799.json | 430 ++++++++++++++--------------- 2007/3xxx/CVE-2007-3862.json | 230 +++++++-------- 2007/4xxx/CVE-2007-4153.json | 190 ++++++------- 2007/4xxx/CVE-2007-4335.json | 200 +++++++------- 2007/4xxx/CVE-2007-4707.json | 180 ++++++------ 2014/5xxx/CVE-2014-5161.json | 180 ++++++------ 2014/5xxx/CVE-2014-5382.json | 130 ++++----- 2014/5xxx/CVE-2014-5486.json | 34 +-- 2014/5xxx/CVE-2014-5545.json | 140 +++++----- 2014/5xxx/CVE-2014-5801.json | 140 +++++----- 2015/2xxx/CVE-2015-2156.json | 190 ++++++------- 2015/2xxx/CVE-2015-2457.json | 34 +-- 2015/2xxx/CVE-2015-2493.json | 140 +++++----- 2015/2xxx/CVE-2015-2589.json | 140 +++++----- 2015/2xxx/CVE-2015-2742.json | 180 ++++++------ 2015/6xxx/CVE-2015-6437.json | 34 +-- 2015/6xxx/CVE-2015-6545.json | 170 ++++++------ 2015/6xxx/CVE-2015-6855.json | 260 ++++++++--------- 2015/7xxx/CVE-2015-7143.json | 34 +-- 2015/7xxx/CVE-2015-7984.json | 170 ++++++------ 2016/0xxx/CVE-2016-0150.json | 130 ++++----- 2016/0xxx/CVE-2016-0226.json | 160 +++++------ 2016/0xxx/CVE-2016-0390.json | 120 ++++---- 2016/0xxx/CVE-2016-0889.json | 130 ++++----- 2016/0xxx/CVE-2016-0937.json | 140 +++++----- 2016/0xxx/CVE-2016-0991.json | 190 ++++++------- 2016/1000xxx/CVE-2016-1000242.json | 34 +-- 2016/4xxx/CVE-2016-4353.json | 160 +++++------ 2016/4xxx/CVE-2016-4435.json | 120 ++++---- 2016/4xxx/CVE-2016-4647.json | 170 ++++++------ 2016/4xxx/CVE-2016-4709.json | 160 +++++------ 2016/4xxx/CVE-2016-4940.json | 34 +-- 2016/4xxx/CVE-2016-4947.json | 130 ++++----- 2016/9xxx/CVE-2016-9819.json | 130 ++++----- 2019/2xxx/CVE-2019-2495.json | 142 +++++----- 2019/3xxx/CVE-2019-3056.json | 34 +-- 2019/3xxx/CVE-2019-3463.json | 152 +++++----- 2019/3xxx/CVE-2019-3644.json | 34 +-- 2019/3xxx/CVE-2019-3820.json | 150 +++++----- 2019/4xxx/CVE-2019-4688.json | 34 +-- 2019/6xxx/CVE-2019-6530.json | 34 +-- 2019/6xxx/CVE-2019-6959.json | 34 +-- 2019/6xxx/CVE-2019-6991.json | 130 ++++----- 2019/7xxx/CVE-2019-7062.json | 34 +-- 2019/7xxx/CVE-2019-7158.json | 34 +-- 2019/7xxx/CVE-2019-7167.json | 34 +-- 2019/7xxx/CVE-2019-7442.json | 34 +-- 2019/7xxx/CVE-2019-7778.json | 34 +-- 2019/8xxx/CVE-2019-8004.json | 34 +-- 2019/8xxx/CVE-2019-8416.json | 34 +-- 2019/8xxx/CVE-2019-8456.json | 34 +-- 2019/8xxx/CVE-2019-8922.json | 34 +-- 2019/8xxx/CVE-2019-8983.json | 120 ++++---- 2019/9xxx/CVE-2019-9167.json | 34 +-- 60 files changed, 3596 insertions(+), 3596 deletions(-) diff --git a/2007/0xxx/CVE-2007-0006.json b/2007/0xxx/CVE-2007-0006.json index cdb9a4929de..d6c78651f87 100644 --- a/2007/0xxx/CVE-2007-0006.json +++ b/2007/0xxx/CVE-2007-0006.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as \"spinlock CPU recursion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-0006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "http://bugzilla.kernel.org/show_bug.cgi?id=7727", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.kernel.org/show_bug.cgi?id=7727" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1097", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1097" - }, - { - "name" : "MDKSA-2007:047", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:047" - }, - { - "name" : "MDKSA-2007:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" - }, - { - "name" : "RHSA-2007:0085", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0085.html" - }, - { - "name" : "RHSA-2007:0099", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0099.html" - }, - { - "name" : "SUSE-SA:2007:021", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_21_kernel.html" - }, - { - "name" : "USN-451-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-451-1" - }, - { - "name" : "22539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22539" - }, - { - "name" : "oval:org.mitre.oval:def:9829", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9829" - }, - { - "name" : "24109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24109" - }, - { - "name" : "24259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24259" - }, - { - "name" : "24300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24300" - }, - { - "name" : "24429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24429" - }, - { - "name" : "24482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24482" - }, - { - "name" : "24547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24547" - }, - { - "name" : "24752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24752" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as \"spinlock CPU recursion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:0099", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0099.html" + }, + { + "name": "24429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24429" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495" + }, + { + "name": "http://bugzilla.kernel.org/show_bug.cgi?id=7727", + "refsource": "CONFIRM", + "url": "http://bugzilla.kernel.org/show_bug.cgi?id=7727" + }, + { + "name": "24259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24259" + }, + { + "name": "USN-451-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-451-1" + }, + { + "name": "MDKSA-2007:047", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:047" + }, + { + "name": "SUSE-SA:2007:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_21_kernel.html" + }, + { + "name": "oval:org.mitre.oval:def:9829", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9829" + }, + { + "name": "24300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24300" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "24482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24482" + }, + { + "name": "RHSA-2007:0085", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0085.html" + }, + { + "name": "24752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24752" + }, + { + "name": "24547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24547" + }, + { + "name": "24109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24109" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1097", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1097" + }, + { + "name": "22539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22539" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + }, + { + "name": "MDKSA-2007:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0798.json b/2007/0xxx/CVE-2007-0798.json index cb57c83892b..43171658c4d 100644 --- a/2007/0xxx/CVE-2007-0798.json +++ b/2007/0xxx/CVE-2007-0798.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070203 Ublog Reload Admin Panel Multiple HTML Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459027/100/0/threaded" - }, - { - "name" : "http://www.hackerscenter.com/archive/view.asp?id=27270", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/archive/view.asp?id=27270" - }, - { - "name" : "22382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22382" - }, - { - "name" : "33641", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33641" - }, - { - "name" : "33642", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33642" - }, - { - "name" : "33643", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33643" - }, - { - "name" : "33644", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33644" - }, - { - "name" : "ublog-login-xss(32185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33643", + "refsource": "OSVDB", + "url": "http://osvdb.org/33643" + }, + { + "name": "http://www.hackerscenter.com/archive/view.asp?id=27270", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/archive/view.asp?id=27270" + }, + { + "name": "ublog-login-xss(32185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32185" + }, + { + "name": "33644", + "refsource": "OSVDB", + "url": "http://osvdb.org/33644" + }, + { + "name": "20070203 Ublog Reload Admin Panel Multiple HTML Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459027/100/0/threaded" + }, + { + "name": "33642", + "refsource": "OSVDB", + "url": "http://osvdb.org/33642" + }, + { + "name": "22382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22382" + }, + { + "name": "33641", + "refsource": "OSVDB", + "url": "http://osvdb.org/33641" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0965.json b/2007/0xxx/CVE-2007-0965.json index f5e04cd59af..233b5180057 100644 --- a/2007/0xxx/CVE-2007-0965.json +++ b/2007/0xxx/CVE-2007-0965.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use \"aaa authentication match\" or \"aaa authentication include\", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070214 Multiple Vulnerabilities in Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml" - }, - { - "name" : "22561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22561" - }, - { - "name" : "ADV-2007-0609", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0609" - }, - { - "name" : "24172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use \"aaa authentication match\" or \"aaa authentication include\", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0609", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0609" + }, + { + "name": "22561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22561" + }, + { + "name": "24172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24172" + }, + { + "name": "20070214 Multiple Vulnerabilities in Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0979.json b/2007/0xxx/CVE-2007-0979.json index 721595cac79..4cf352bca25 100644 --- a/2007/0xxx/CVE-2007-0979.json +++ b/2007/0xxx/CVE-2007-0979.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a \"crafted URL.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.lifetype.net/blog/lifetype-development-journal/releases", - "refsource" : "CONFIRM", - "url" : "http://www.lifetype.net/blog/lifetype-development-journal/releases" - }, - { - "name" : "22572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22572" - }, - { - "name" : "ADV-2007-0616", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0616" - }, - { - "name" : "33210", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33210" - }, - { - "name" : "24170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a \"crafted URL.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33210", + "refsource": "OSVDB", + "url": "http://osvdb.org/33210" + }, + { + "name": "24170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24170" + }, + { + "name": "http://www.lifetype.net/blog/lifetype-development-journal/releases", + "refsource": "CONFIRM", + "url": "http://www.lifetype.net/blog/lifetype-development-journal/releases" + }, + { + "name": "22572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22572" + }, + { + "name": "ADV-2007-0616", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0616" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1823.json b/2007/1xxx/CVE-2007-1823.json index 5aab7af8c2f..66ab1fa9108 100644 --- a/2007/1xxx/CVE-2007-1823.json +++ b/2007/1xxx/CVE-2007-1823.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#726548", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/726548" - }, - { - "name" : "34986", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34986", + "refsource": "OSVDB", + "url": "http://osvdb.org/34986" + }, + { + "name": "VU#726548", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/726548" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3595.json b/2007/3xxx/CVE-2007-3595.json index 6629b674a49..a13160c7611 100644 --- a/2007/3xxx/CVE-2007-3595.json +++ b/2007/3xxx/CVE-2007-3595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3595", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3399. Reason: This candidate is a duplicate of CVE-2007-3399. Notes: All CVE users should reference CVE-2007-3399 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-3595", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-3399. Reason: This candidate is a duplicate of CVE-2007-3399. Notes: All CVE users should reference CVE-2007-3399 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3799.json b/2007/3xxx/CVE-2007-3799.json index 05f41eff243..111885e56c9 100644 --- a/2007/3xxx/CVE-2007-3799.json +++ b/2007/3xxx/CVE-2007-3799.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/MOPB/PMOPB-46-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/PMOPB-46-2007.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1693", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1693" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm" - }, - { - "name" : "https://launchpad.net/bugs/173043", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/173043" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "DSA-1444", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1444" - }, - { - "name" : "DSA-1578", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1578" - }, - { - "name" : "FEDORA-2007-709", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html" - }, - { - "name" : "MDKSA-2007:187", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187" - }, - { - "name" : "RHSA-2007:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0890.html" - }, - { - "name" : "RHSA-2007:0889", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0889.html" - }, - { - "name" : "RHSA-2007:0888", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0888.html" - }, - { - "name" : "RHSA-2007:0891", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0891.html" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "USN-549-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/549-1/" - }, - { - "name" : "USN-549-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-549-2" - }, - { - "name" : "24268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24268" - }, - { - "name" : "36855", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36855" - }, - { - "name" : "oval:org.mitre.oval:def:9792", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9792" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "26930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26930" - }, - { - "name" : "26871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26871" - }, - { - "name" : "26895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26895" - }, - { - "name" : "26967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26967" - }, - { - "name" : "27351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27351" - }, - { - "name" : "27377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27377" - }, - { - "name" : "27545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27545" - }, - { - "name" : "27864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27864" - }, - { - "name" : "28249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28249" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "30288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30288" + }, + { + "name": "https://launchpad.net/bugs/173043", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/173043" + }, + { + "name": "RHSA-2007:0888", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0888.html" + }, + { + "name": "24268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24268" + }, + { + "name": "FEDORA-2007-709", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html" + }, + { + "name": "26967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26967" + }, + { + "name": "DSA-1444", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1444" + }, + { + "name": "27351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27351" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "27864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27864" + }, + { + "name": "26930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26930" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "RHSA-2007:0889", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0889.html" + }, + { + "name": "USN-549-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/549-1/" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1693", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1693" + }, + { + "name": "28249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28249" + }, + { + "name": "DSA-1578", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1578" + }, + { + "name": "27545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27545" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm" + }, + { + "name": "36855", + "refsource": "OSVDB", + "url": "http://osvdb.org/36855" + }, + { + "name": "27377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27377" + }, + { + "name": "http://www.php-security.org/MOPB/PMOPB-46-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/PMOPB-46-2007.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "MDKSA-2007:187", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187" + }, + { + "name": "26895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26895" + }, + { + "name": "oval:org.mitre.oval:def:9792", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9792" + }, + { + "name": "USN-549-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-549-2" + }, + { + "name": "RHSA-2007:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0890.html" + }, + { + "name": "RHSA-2007:0891", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0891.html" + }, + { + "name": "26871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26871" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3862.json b/2007/3xxx/CVE-2007-3862.json index efdd5046c93..15ee26a69d3 100644 --- a/2007/3xxx/CVE-2007-3862.json +++ b/2007/3xxx/CVE-2007-3862.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" - }, - { - "name" : "TA07-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-200A.html" - }, - { - "name" : "ADV-2007-2562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2562" - }, - { - "name" : "ADV-2007-2635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2635" - }, - { - "name" : "1018415", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018415" - }, - { - "name" : "26114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26114" - }, - { - "name" : "26166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26166" - }, - { - "name" : "oracle-cpu-july2007(35490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" + }, + { + "name": "26114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26114" + }, + { + "name": "26166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26166" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html" + }, + { + "name": "TA07-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html" + }, + { + "name": "ADV-2007-2562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2562" + }, + { + "name": "ADV-2007-2635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2635" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" + }, + { + "name": "oracle-cpu-july2007(35490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490" + }, + { + "name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf" + }, + { + "name": "1018415", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018415" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4153.json b/2007/4xxx/CVE-2007-4153.json index b4def59401e..70b37b969de 100644 --- a/2007/4xxx/CVE-2007-4153.json +++ b/2007/4xxx/CVE-2007-4153.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codex.wordpress.org/Roles_and_Capabilities", - "refsource" : "MISC", - "url" : "http://codex.wordpress.org/Roles_and_Capabilities" - }, - { - "name" : "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/", - "refsource" : "MISC", - "url" : "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/" - }, - { - "name" : "DSA-1564", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1564" - }, - { - "name" : "46994", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46994" - }, - { - "name" : "46995", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46995" - }, - { - "name" : "30013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30013" - }, - { - "name" : "wordpress-linkimport-xss(35720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720" - }, - { - "name" : "wordpress-options-xss(35722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wordpress-options-xss(35722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35722" + }, + { + "name": "http://codex.wordpress.org/Roles_and_Capabilities", + "refsource": "MISC", + "url": "http://codex.wordpress.org/Roles_and_Capabilities" + }, + { + "name": "30013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30013" + }, + { + "name": "wordpress-linkimport-xss(35720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35720" + }, + { + "name": "46995", + "refsource": "OSVDB", + "url": "http://osvdb.org/46995" + }, + { + "name": "DSA-1564", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1564" + }, + { + "name": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/", + "refsource": "MISC", + "url": "http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/" + }, + { + "name": "46994", + "refsource": "OSVDB", + "url": "http://osvdb.org/46994" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4335.json b/2007/4xxx/CVE-2007-4335.json index 28328285e3d..95b140b6211 100644 --- a/2007/4xxx/CVE-2007-4335.json +++ b/2007/4xxx/CVE-2007-4335.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070810 [HS-A007] Qbik WinGate Remote Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476011/100/0/threaded" - }, - { - "name" : "http://www.harmonysecurity.com/HS-A007.html", - "refsource" : "MISC", - "url" : "http://www.harmonysecurity.com/HS-A007.html" - }, - { - "name" : "http://www.wingate.com/news.php?id=50", - "refsource" : "CONFIRM", - "url" : "http://www.wingate.com/news.php?id=50" - }, - { - "name" : "25272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25272" - }, - { - "name" : "25303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25303" - }, - { - "name" : "ADV-2007-2859", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2859" - }, - { - "name" : "26412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26412" - }, - { - "name" : "3001", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3001" - }, - { - "name" : "qbik-smtp-dos(35950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.harmonysecurity.com/HS-A007.html", + "refsource": "MISC", + "url": "http://www.harmonysecurity.com/HS-A007.html" + }, + { + "name": "http://www.wingate.com/news.php?id=50", + "refsource": "CONFIRM", + "url": "http://www.wingate.com/news.php?id=50" + }, + { + "name": "3001", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3001" + }, + { + "name": "25272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25272" + }, + { + "name": "25303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25303" + }, + { + "name": "qbik-smtp-dos(35950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950" + }, + { + "name": "20070810 [HS-A007] Qbik WinGate Remote Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476011/100/0/threaded" + }, + { + "name": "26412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26412" + }, + { + "name": "ADV-2007-2859", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2859" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4707.json b/2007/4xxx/CVE-2007-4707.json index 3e986cd882d..d8b5ec785f9 100644 --- a/2007/4xxx/CVE-2007-4707.json +++ b/2007/4xxx/CVE-2007-4707.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307176", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307176" - }, - { - "name" : "APPLE-SA-2007-12-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html" - }, - { - "name" : "26866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26866" - }, - { - "name" : "ADV-2007-4217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4217" - }, - { - "name" : "1019099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019099" - }, - { - "name" : "28092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28092" - }, - { - "name" : "quicktime-flash-media-code-execution(39030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-4217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4217" + }, + { + "name": "quicktime-flash-media-code-execution(39030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39030" + }, + { + "name": "26866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26866" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307176", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307176" + }, + { + "name": "APPLE-SA-2007-12-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html" + }, + { + "name": "28092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28092" + }, + { + "name": "1019099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019099" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5161.json b/2014/5xxx/CVE-2014-5161.json index 8b6d0b45dc6..b396aa8aa9d 100644 --- a/2014/5xxx/CVE-2014-5161.json +++ b/2014/5xxx/CVE-2014-5161.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-08.html" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380" - }, - { - "name" : "DSA-3002", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3002" - }, - { - "name" : "SUSE-SU-2014:1221", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" - }, - { - "name" : "openSUSE-SU-2014:1038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2014:1249", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" - }, - { - "name" : "57593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1249", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" + }, + { + "name": "SUSE-SU-2014:1221", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" + }, + { + "name": "DSA-3002", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3002" + }, + { + "name": "openSUSE-SU-2014:1038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-08.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=16f8ba1bed579344df373bf38fff552ab8baf380" + }, + { + "name": "57593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57593" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5382.json b/2014/5xxx/CVE-2014-5382.json index f3abc3b2ac9..22ecb0a5c9c 100644 --- a/2014/5xxx/CVE-2014-5382.json +++ b/2014/5xxx/CVE-2014-5382.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140710 SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/40" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140710 SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/40" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5486.json b/2014/5xxx/CVE-2014-5486.json index a84f6c9f4e2..9fd008d9454 100644 --- a/2014/5xxx/CVE-2014-5486.json +++ b/2014/5xxx/CVE-2014-5486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5486", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5486", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5545.json b/2014/5xxx/CVE-2014-5545.json index fef31075539..d768b286a8f 100644 --- a/2014/5xxx/CVE-2014-5545.json +++ b/2014/5xxx/CVE-2014-5545.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#744769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/744769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#744769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/744769" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5801.json b/2014/5xxx/CVE-2014-5801.json index 9ef383dcd03..22d562fa93b 100644 --- a/2014/5xxx/CVE-2014-5801.json +++ b/2014/5xxx/CVE-2014-5801.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DataGard VPN + AV (aka ocshield.com) application @7F050013 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#220465", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/220465" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DataGard VPN + AV (aka ocshield.com) application @7F050013 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#220465", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/220465" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2156.json b/2015/2xxx/CVE-2015-2156.json index 4a3907a552d..ef02b313a1e 100644 --- a/2015/2xxx/CVE-2015-2156.json +++ b/2015/2xxx/CVE-2015-2156.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/17/1" - }, - { - "name" : "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", - "refsource" : "MISC", - "url" : "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass" - }, - { - "name" : "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", - "refsource" : "CONFIRM", - "url" : "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1222923" - }, - { - "name" : "https://github.com/netty/netty/pull/3754", - "refsource" : "CONFIRM", - "url" : "https://github.com/netty/netty/pull/3754" - }, - { - "name" : "FEDORA-2015-8684", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html" - }, - { - "name" : "FEDORA-2015-8713", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html" - }, - { - "name" : "74704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html", + "refsource": "CONFIRM", + "url": "http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html" + }, + { + "name": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass", + "refsource": "MISC", + "url": "https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass" + }, + { + "name": "FEDORA-2015-8713", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159379.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222923" + }, + { + "name": "https://github.com/netty/netty/pull/3754", + "refsource": "CONFIRM", + "url": "https://github.com/netty/netty/pull/3754" + }, + { + "name": "FEDORA-2015-8684", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159166.html" + }, + { + "name": "74704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74704" + }, + { + "name": "[oss-security] 20150516 Netty/Play's Security Updates (CVE-2015-2156)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/17/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2457.json b/2015/2xxx/CVE-2015-2457.json index d20a33b3609..62f62a85954 100644 --- a/2015/2xxx/CVE-2015-2457.json +++ b/2015/2xxx/CVE-2015-2457.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2457", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2457", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2493.json b/2015/2xxx/CVE-2015-2493.json index c503a019c7d..f72d2fd0aa6 100644 --- a/2015/2xxx/CVE-2015-2493.json +++ b/2015/2xxx/CVE-2015-2493.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-094", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094" - }, - { - "name" : "76575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76575" - }, - { - "name" : "1033487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-094", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094" + }, + { + "name": "76575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76575" + }, + { + "name": "1033487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033487" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2589.json b/2015/2xxx/CVE-2015-2589.json index f6e1b7883f5..43f8767498e 100644 --- a/2015/2xxx/CVE-2015-2589.json +++ b/2015/2xxx/CVE-2015-2589.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "75878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75878" - }, - { - "name" : "1032914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032914" + }, + { + "name": "75878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75878" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2742.json b/2015/2xxx/CVE-2015-2742.json index 7bf3de4c611..d5c64864a4b 100644 --- a/2015/2xxx/CVE-2015-2742.json +++ b/2015/2xxx/CVE-2015-2742.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-2742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-68.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-68.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1138669", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1138669" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "75541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75541" - }, - { - "name" : "1032783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "75541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75541" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-68.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-68.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138669", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138669" + }, + { + "name": "1032783", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032783" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6437.json b/2015/6xxx/CVE-2015-6437.json index fd7886fb219..f56425a1610 100644 --- a/2015/6xxx/CVE-2015-6437.json +++ b/2015/6xxx/CVE-2015-6437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6437", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6437", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6545.json b/2015/6xxx/CVE-2015-6545.json index 781f1d6a3a9..38bcfe06b4f 100644 --- a/2015/6xxx/CVE-2015-6545.json +++ b/2015/6xxx/CVE-2015-6545.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150902 Cross-Site Request Forgery in Cerb", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536376/100/0/threaded" - }, - { - "name" : "38074", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38074/" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23269", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23269" - }, - { - "name" : "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html" - }, - { - "name" : "http://wiki.cerbweb.com/7.0#7.0.4", - "refsource" : "CONFIRM", - "url" : "http://wiki.cerbweb.com/7.0#7.0.4" - }, - { - "name" : "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144", - "refsource" : "CONFIRM", - "url" : "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html" + }, + { + "name": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144", + "refsource": "CONFIRM", + "url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144" + }, + { + "name": "20150902 Cross-Site Request Forgery in Cerb", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23269", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23269" + }, + { + "name": "38074", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38074/" + }, + { + "name": "http://wiki.cerbweb.com/7.0#7.0.4", + "refsource": "CONFIRM", + "url": "http://wiki.cerbweb.com/7.0#7.0.4" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6855.json b/2015/6xxx/CVE-2015-6855.json index bd154bcbf48..9826f35a737 100644 --- a/2015/6xxx/CVE-2015-6855.json +++ b/2015/6xxx/CVE-2015-6855.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-6855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html" - }, - { - "name" : "[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/10/1" - }, - { - "name" : "[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/10/2" - }, - { - "name" : "DSA-3361", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3361" - }, - { - "name" : "DSA-3362", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3362" - }, - { - "name" : "FEDORA-2015-16368", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html" - }, - { - "name" : "FEDORA-2015-16369", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html" - }, - { - "name" : "FEDORA-2015-16370", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html" - }, - { - "name" : "FEDORA-2015-4896530727", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html" - }, - { - "name" : "FEDORA-2015-8dc71ade88", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html" - }, - { - "name" : "FEDORA-2015-d6ea74993a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html" - }, - { - "name" : "GLSA-201602-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201602-01" - }, - { - "name" : "SUSE-SU-2015:1782", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html" - }, - { - "name" : "USN-2745-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2745-1" - }, - { - "name" : "76691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3361", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3361" + }, + { + "name": "76691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76691" + }, + { + "name": "FEDORA-2015-16369", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html" + }, + { + "name": "FEDORA-2015-16370", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html" + }, + { + "name": "FEDORA-2015-d6ea74993a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html" + }, + { + "name": "[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/10/2" + }, + { + "name": "SUSE-SU-2015:1782", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html" + }, + { + "name": "[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/10/1" + }, + { + "name": "FEDORA-2015-16368", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html" + }, + { + "name": "DSA-3362", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3362" + }, + { + "name": "USN-2745-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2745-1" + }, + { + "name": "FEDORA-2015-8dc71ade88", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html" + }, + { + "name": "[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html" + }, + { + "name": "FEDORA-2015-4896530727", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html" + }, + { + "name": "GLSA-201602-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201602-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7143.json b/2015/7xxx/CVE-2015-7143.json index 6d4ca250eb3..05e9104c137 100644 --- a/2015/7xxx/CVE-2015-7143.json +++ b/2015/7xxx/CVE-2015-7143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7143", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7143", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7984.json b/2015/7xxx/CVE-2015-7984.json index a52f5e6a5da..fc8c7aeef02 100644 --- a/2015/7xxx/CVE-2015-7984.json +++ b/2015/7xxx/CVE-2015-7984.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38765/" - }, - { - "name" : "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2015/001124.html" - }, - { - "name" : "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2015/001137.html" - }, - { - "name" : "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2015/001138.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23272", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23272" - }, - { - "name" : "DSA-3391", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2015/001124.html" + }, + { + "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2015/001138.html" + }, + { + "name": "38765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38765/" + }, + { + "name": "DSA-3391", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3391" + }, + { + "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2015/001137.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23272", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23272" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0150.json b/2016/0xxx/CVE-2016-0150.json index 672528b50c6..7c9e8244cbc 100644 --- a/2016/0xxx/CVE-2016-0150.json +++ b/2016/0xxx/CVE-2016-0150.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka \"HTTP.sys Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-049" - }, - { - "name" : "1035546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka \"HTTP.sys Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-049" + }, + { + "name": "1035546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035546" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0226.json b/2016/0xxx/CVE-2016-0226.json index d2eabbccdef..7d5675e086b 100644 --- a/2016/0xxx/CVE-2016-0226.json +++ b/2016/0xxx/CVE-2016-0226.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-208/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-208/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-209/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-209/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-210/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-210/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21978598", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21978598" - }, - { - "name" : "1035286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-210/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-210/" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-209/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-209/" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598" + }, + { + "name": "1035286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035286" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-208/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-208/" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0390.json b/2016/0xxx/CVE-2016-0390.json index f9b74b3e373..7ff2bc3a437 100644 --- a/2016/0xxx/CVE-2016-0390.json +++ b/2016/0xxx/CVE-2016-0390.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981321", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981321", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981321" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0889.json b/2016/0xxx/CVE-2016-0889.json index 2522c5a2f6d..23c1f9cbb24 100644 --- a/2016/0xxx/CVE-2016-0889.json +++ b/2016/0xxx/CVE-2016-0889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160414 ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2016/Apr/83" - }, - { - "name" : "1035580", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035580", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035580" + }, + { + "name": "20160414 ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2016/Apr/83" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0937.json b/2016/0xxx/CVE-2016-0937.json index fe6506abb43..385ce3a2232 100644 --- a/2016/0xxx/CVE-2016-0937.json +++ b/2016/0xxx/CVE-2016-0937.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-011", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-011" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-02.html" - }, - { - "name" : "1034646", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-011", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-011" + }, + { + "name": "1034646", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034646" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0991.json b/2016/0xxx/CVE-2016-0991.json index 5bcce8ebf3e..2a988b5ef77 100644 --- a/2016/0xxx/CVE-2016-0991.json +++ b/2016/0xxx/CVE-2016-0991.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" - }, - { - "name" : "GLSA-201603-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-07" - }, - { - "name" : "SUSE-SU-2016:0715", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:0716", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:0719", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:0734", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" - }, - { - "name" : "84312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84312" - }, - { - "name" : "1035251", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0734", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" + }, + { + "name": "1035251", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035251" + }, + { + "name": "openSUSE-SU-2016:0719", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" + }, + { + "name": "GLSA-201603-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-07" + }, + { + "name": "SUSE-SU-2016:0715", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" + }, + { + "name": "84312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84312" + }, + { + "name": "SUSE-SU-2016:0716", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000242.json b/2016/1000xxx/CVE-2016-1000242.json index 87a0627c269..82057da1e02 100644 --- a/2016/1000xxx/CVE-2016-1000242.json +++ b/2016/1000xxx/CVE-2016-1000242.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000242", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000242", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4353.json b/2016/4xxx/CVE-2016-4353.json index 679855f2579..5535d69fb78 100644 --- a/2016/4xxx/CVE-2016-4353.json +++ b/2016/4xxx/CVE-2016-4353.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160429 CVE request: three issues in libksba", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/29/5" - }, - { - "name" : "[oss-security] 20160429 Re: CVE request: three issues in libksba", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/29/8" - }, - { - "name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a", - "refsource" : "CONFIRM", - "url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a" - }, - { - "name" : "GLSA-201604-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-04" - }, - { - "name" : "USN-2982-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2982-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2982-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2982-1" + }, + { + "name": "[oss-security] 20160429 CVE request: three issues in libksba", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/29/5" + }, + { + "name": "[oss-security] 20160429 Re: CVE request: three issues in libksba", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/29/8" + }, + { + "name": "GLSA-201604-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-04" + }, + { + "name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a", + "refsource": "CONFIRM", + "url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4435.json b/2016/4xxx/CVE-2016-4435.json index 9d557b4c19f..8f8eff5ea37 100644 --- a/2016/4xxx/CVE-2016-4435.json +++ b/2016/4xxx/CVE-2016-4435.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-4435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Foundry", - "version" : { - "version_data" : [ - { - "version_value" : "BOSH stemcell versions prior to 3232.6 and 3146.13" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-4435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry", + "version": { + "version_data": [ + { + "version_value": "BOSH stemcell versions prior to 3232.6 and 3146.13" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2016-4435", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2016-4435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2016-4435", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2016-4435" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4647.json b/2016/4xxx/CVE-2016-4647.json index f060be7bec8..00405136ca0 100644 --- a/2016/4xxx/CVE-2016-4647.json +++ b/2016/4xxx/CVE-2016-4647.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-437/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-437/" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-16-438/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-16-438/" - }, - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "91824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91824" - }, - { - "name" : "1036348", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91824" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-437/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-437/" + }, + { + "name": "1036348", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036348" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-16-438/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-16-438/" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4709.json b/2016/4xxx/CVE-2016-4709.json index e5bbd0ad15a..241ed2d7346 100644 --- a/2016/4xxx/CVE-2016-4709.json +++ b/2016/4xxx/CVE-2016-4709.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage \"type confusion,\" a different vulnerability than CVE-2016-4710." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-609", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-609" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "93055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93055" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage \"type confusion,\" a different vulnerability than CVE-2016-4710." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-609", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-609" + }, + { + "name": "93055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93055" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4940.json b/2016/4xxx/CVE-2016-4940.json index 1f3544a578a..b725a889544 100644 --- a/2016/4xxx/CVE-2016-4940.json +++ b/2016/4xxx/CVE-2016-4940.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4940", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-4940", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4947.json b/2016/4xxx/CVE-2016-4947.json index 96234916af8..fdf35f27ad1 100644 --- a/2016/4xxx/CVE-2016-4947.json +++ b/2016/4xxx/CVE-2016-4947.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf", - "refsource" : "MISC", - "url" : "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf" - }, - { - "name" : "93880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf", + "refsource": "MISC", + "url": "http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf" + }, + { + "name": "93880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93880" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9819.json b/2016/9xxx/CVE-2016-9819.json index 4932ebd6868..76544a42bc1 100644 --- a/2016/9xxx/CVE-2016-9819.json +++ b/2016/9xxx/CVE-2016-9819.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" - }, - { - "name" : "94732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94732" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2495.json b/2019/2xxx/CVE-2019-2495.json index 3e96ac55618..bd0e0e35fa5 100644 --- a/2019/2xxx/CVE-2019-2495.json +++ b/2019/2xxx/CVE-2019-2495.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "106625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106625" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3056.json b/2019/3xxx/CVE-2019-3056.json index f91c2992d7d..fac831b4389 100644 --- a/2019/3xxx/CVE-2019-3056.json +++ b/2019/3xxx/CVE-2019-3056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3463.json b/2019/3xxx/CVE-2019-3463.json index 600a5778945..c032da77062 100644 --- a/2019/3xxx/CVE-2019-3463.json +++ b/2019/3xxx/CVE-2019-3463.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2019-02-06T00:00:00", - "ID" : "CVE-2019-3463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rssh", - "version" : { - "version_data" : [ - { - "version_value" : "All versions before 2.3.4-5+deb9u2 and 2.3.4-10" - } - ] - } - } - ] - }, - "vendor_name" : "Debian GNU/Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incomplete sanitization of passed arguments" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2019-02-06T00:00:00", + "ID": "CVE-2019-3463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rssh", + "version": { + "version_data": [ + { + "version_value": "All versions before 2.3.4-5+deb9u2 and 2.3.4-10" + } + ] + } + } + ] + }, + "vendor_name": "Debian GNU/Linux" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html" - }, - { - "name" : "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/", - "refsource" : "MISC", - "url" : "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/" - }, - { - "name" : "DSA-4382", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4382" - }, - { - "name" : "106839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incomplete sanitization of passed arguments" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4382", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4382" + }, + { + "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1660-1] rssh security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00007.html" + }, + { + "name": "106839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106839" + }, + { + "name": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/", + "refsource": "MISC", + "url": "https://tracker.debian.org/news/1026713/accepted-rssh-234-5deb9u2-source-amd64-into-stable-embargoed-stable/" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3644.json b/2019/3xxx/CVE-2019-3644.json index 5e8aae389ef..60fd26a7ac3 100644 --- a/2019/3xxx/CVE-2019-3644.json +++ b/2019/3xxx/CVE-2019-3644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3820.json b/2019/3xxx/CVE-2019-3820.json index 4adebf61a48..981b3533246 100644 --- a/2019/3xxx/CVE-2019-3820.json +++ b/2019/3xxx/CVE-2019-3820.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2019-3820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "gnome-shell", - "version" : { - "version_data" : [ - { - "version_value" : "since 3.15.91" - } - ] - } - } - ] - }, - "vendor_name" : "The Gnome Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2019-3820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gnome-shell", + "version": { + "version_data": [ + { + "version_value": "since 3.15.91" + } + ] + } + } + ] + }, + "vendor_name": "The Gnome Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.8/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3820" + }, + { + "name": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/gnome-shell/issues/851" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4688.json b/2019/4xxx/CVE-2019-4688.json index 21638e04127..94158d3d57e 100644 --- a/2019/4xxx/CVE-2019-4688.json +++ b/2019/4xxx/CVE-2019-4688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6530.json b/2019/6xxx/CVE-2019-6530.json index 58b39c5692b..b4719a69ab1 100644 --- a/2019/6xxx/CVE-2019-6530.json +++ b/2019/6xxx/CVE-2019-6530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6959.json b/2019/6xxx/CVE-2019-6959.json index 5d47265f3f9..4d9565270b8 100644 --- a/2019/6xxx/CVE-2019-6959.json +++ b/2019/6xxx/CVE-2019-6959.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6959", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6959", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6991.json b/2019/6xxx/CVE-2019-6991.json index 0acbd50cb2e..1db1ed178f6 100644 --- a/2019/6xxx/CVE-2019-6991.json +++ b/2019/6xxx/CVE-2019-6991.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/zoneminder/issues/2478", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/issues/2478" - }, - { - "name" : "https://github.com/ZoneMinder/zoneminder/pull/2482", - "refsource" : "MISC", - "url" : "https://github.com/ZoneMinder/zoneminder/pull/2482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/zoneminder/pull/2482", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/pull/2482" + }, + { + "name": "https://github.com/ZoneMinder/zoneminder/issues/2478", + "refsource": "MISC", + "url": "https://github.com/ZoneMinder/zoneminder/issues/2478" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7062.json b/2019/7xxx/CVE-2019-7062.json index 7b080a1a834..a2230a9e053 100644 --- a/2019/7xxx/CVE-2019-7062.json +++ b/2019/7xxx/CVE-2019-7062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7158.json b/2019/7xxx/CVE-2019-7158.json index d799c8c5c41..c3e8b572334 100644 --- a/2019/7xxx/CVE-2019-7158.json +++ b/2019/7xxx/CVE-2019-7158.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7158", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7158", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7167.json b/2019/7xxx/CVE-2019-7167.json index b62e007906b..71b573d8abc 100644 --- a/2019/7xxx/CVE-2019-7167.json +++ b/2019/7xxx/CVE-2019-7167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7167", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7442.json b/2019/7xxx/CVE-2019-7442.json index 389a44beeb4..e33dd65ce4c 100644 --- a/2019/7xxx/CVE-2019-7442.json +++ b/2019/7xxx/CVE-2019-7442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7442", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7442", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7778.json b/2019/7xxx/CVE-2019-7778.json index 770bf5f1425..1d6ac7f99e4 100644 --- a/2019/7xxx/CVE-2019-7778.json +++ b/2019/7xxx/CVE-2019-7778.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7778", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7778", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8004.json b/2019/8xxx/CVE-2019-8004.json index 1019cf35b32..f0c9c8abcb2 100644 --- a/2019/8xxx/CVE-2019-8004.json +++ b/2019/8xxx/CVE-2019-8004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8004", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8004", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8416.json b/2019/8xxx/CVE-2019-8416.json index cb21ed0c385..59d43b61d13 100644 --- a/2019/8xxx/CVE-2019-8416.json +++ b/2019/8xxx/CVE-2019-8416.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8456.json b/2019/8xxx/CVE-2019-8456.json index a4952ab9142..131ea756beb 100644 --- a/2019/8xxx/CVE-2019-8456.json +++ b/2019/8xxx/CVE-2019-8456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8922.json b/2019/8xxx/CVE-2019-8922.json index 79e739452e8..a71ada9c08c 100644 --- a/2019/8xxx/CVE-2019-8922.json +++ b/2019/8xxx/CVE-2019-8922.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8983.json b/2019/8xxx/CVE-2019-8983.json index de641b33e9f..dbec3ecbff0 100644 --- a/2019/8xxx/CVE-2019-8983.json +++ b/2019/8xxx/CVE-2019-8983.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/", - "refsource" : "MISC", - "url" : "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/", + "refsource": "MISC", + "url": "https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9167.json b/2019/9xxx/CVE-2019-9167.json index 107f8b74975..e042080f737 100644 --- a/2019/9xxx/CVE-2019-9167.json +++ b/2019/9xxx/CVE-2019-9167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9167", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file