diff --git a/2007/0xxx/CVE-2007-0242.json b/2007/0xxx/CVE-2007-0242.json index a4e7b566316..832362a29ca 100644 --- a/2007/0xxx/CVE-2007-0242.json +++ b/2007/0xxx/CVE-2007-0242.json @@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html", - "refsource" : "CONFIRM", - "url" : "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" - }, - { - "name" : "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350", - "refsource" : "CONFIRM", - "url" : "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1202", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1202" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" - }, - { - "name" : "DSA-1292", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1292" - }, - { - "name" : "FEDORA-2007-703", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2007-703.shtml" - }, - { - "name" : "MDKSA-2007:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" - }, - { - "name" : "MDKSA-2007:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" - }, - { - "name" : "MDKSA-2007:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" - }, - { - "name" : "RHSA-2007:0909", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0909.html" - }, - { - "name" : "RHSA-2007:0883", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0883.html" - }, - { - "name" : "RHSA-2011:1324", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1324.html" - }, - { - "name" : "20070901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" - }, - { - "name" : "SSA:2007-093-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591" - }, - { - "name" : "SUSE-SR:2007:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_6_sr.html" - }, - { - "name" : "USN-452-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-452-1" - }, - { - "name" : "23269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23269" - }, - { - "name" : "oval:org.mitre.oval:def:11510", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" - }, - { - "name" : "46117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46117" - }, - { - "name" : "ADV-2007-1212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1212" - }, - { - "name" : "24727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24727" - }, - { - "name" : "24699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24699" - }, - { - "name" : "24705", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24705" - }, - { - "name" : "24726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24726" - }, - { - "name" : "24847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24847" - }, - { - "name" : "24797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24797" - }, - { - "name" : "24889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24889" - }, - { - "name" : "24759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24759" - }, - { - "name" : "25263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25263" - }, - { - "name" : "26857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26857" - }, - { - "name" : "26804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26804" - }, - { - "name" : "27108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27108" - }, - { - "name" : "27275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27275" - }, - { - "name" : "qt-utf8-xss(33397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html" + }, + { + "name": "qt-utf8-xss(33397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33397" + }, + { + "name": "24699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24699" + }, + { + "name": "RHSA-2007:0909", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0909.html" + }, + { + "name": "MDKSA-2007:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:074" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1202", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1202" + }, + { + "name": "MDKSA-2007:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:076" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm" + }, + { + "name": "24889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24889" + }, + { + "name": "27275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27275" + }, + { + "name": "24727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24727" + }, + { + "name": "26857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26857" + }, + { + "name": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350", + "refsource": "CONFIRM", + "url": "http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350" + }, + { + "name": "SUSE-SR:2007:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html" + }, + { + "name": "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html", + "refsource": "CONFIRM", + "url": "http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html" + }, + { + "name": "DSA-1292", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1292" + }, + { + "name": "24847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24847" + }, + { + "name": "24705", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24705" + }, + { + "name": "RHSA-2011:1324", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" + }, + { + "name": "23269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23269" + }, + { + "name": "46117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46117" + }, + { + "name": "27108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27108" + }, + { + "name": "24759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24759" + }, + { + "name": "USN-452-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-452-1" + }, + { + "name": "24726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24726" + }, + { + "name": "20070901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc" + }, + { + "name": "ADV-2007-1212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1212" + }, + { + "name": "25263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25263" + }, + { + "name": "26804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26804" + }, + { + "name": "FEDORA-2007-703", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2007-703.shtml" + }, + { + "name": "oval:org.mitre.oval:def:11510", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510" + }, + { + "name": "RHSA-2007:0883", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0883.html" + }, + { + "name": "SSA:2007-093-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591" + }, + { + "name": "MDKSA-2007:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:075" + }, + { + "name": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html" + }, + { + "name": "24797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24797" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0951.json b/2007/0xxx/CVE-2007-0951.json index ad76b6af710..87a7f9e2a55 100644 --- a/2007/0xxx/CVE-2007-0951.json +++ b/2007/0xxx/CVE-2007-0951.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070213 Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459979/100/0/threaded" - }, - { - "name" : "22545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22545" - }, - { - "name" : "33721", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33721" - }, - { - "name" : "2250", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2250" - }, - { - "name" : "fullaspsite-listmain-sql-injection(32470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fullaspsite-listmain-sql-injection(32470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32470" + }, + { + "name": "20070213 Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459979/100/0/threaded" + }, + { + "name": "22545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22545" + }, + { + "name": "2250", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2250" + }, + { + "name": "33721", + "refsource": "OSVDB", + "url": "http://osvdb.org/33721" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2651.json b/2007/2xxx/CVE-2007-2651.json index 74203b6d052..b448b47e6e7 100644 --- a/2007/2xxx/CVE-2007-2651.json +++ b/2007/2xxx/CVE-2007-2651.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=497807&group_id=116847", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=497807&group_id=116847" - }, - { - "name" : "23929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23929" - }, - { - "name" : "ADV-2007-1756", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1756" - }, - { - "name" : "41985", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41985" - }, - { - "name" : "41986", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41986" - }, - { - "name" : "voodoocircle-ssl-dos(34229)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41985", + "refsource": "OSVDB", + "url": "http://osvdb.org/41985" + }, + { + "name": "41986", + "refsource": "OSVDB", + "url": "http://osvdb.org/41986" + }, + { + "name": "voodoocircle-ssl-dos(34229)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34229" + }, + { + "name": "ADV-2007-1756", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1756" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=497807&group_id=116847", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=497807&group_id=116847" + }, + { + "name": "23929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23929" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3281.json b/2007/3xxx/CVE-2007-3281.json index 1b7b38770d0..c9d60724f6c 100644 --- a/2007/3xxx/CVE-2007-3281.json +++ b/2007/3xxx/CVE-2007-3281.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070618 PHP hosting Biller", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471642/100/0/threaded" - }, - { - "name" : "24517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24517" - }, - { - "name" : "ADV-2007-2248", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2248" - }, - { - "name" : "36374", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36374" - }, - { - "name" : "25681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25681" - }, - { - "name" : "2811", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2811" - }, - { - "name" : "phphostingbiller-index-xss(34941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070618 PHP hosting Biller", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471642/100/0/threaded" + }, + { + "name": "2811", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2811" + }, + { + "name": "ADV-2007-2248", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2248" + }, + { + "name": "phphostingbiller-index-xss(34941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34941" + }, + { + "name": "25681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25681" + }, + { + "name": "24517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24517" + }, + { + "name": "36374", + "refsource": "OSVDB", + "url": "http://osvdb.org/36374" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3387.json b/2007/3xxx/CVE-2007-3387.json index ef7b3c2ae2b..43966dbfbf8 100644 --- a/2007/3xxx/CVE-2007-3387.json +++ b/2007/3xxx/CVE-2007-3387.json @@ -1,527 +1,527 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476508/100/0/threaded" - }, - { - "name" : "20070814 FLEA-2007-0045-1 poppler", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476519/30/5400/threaded" - }, - { - "name" : "20070816 FLEA-2007-0046-1 cups", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476765/30/5340/threaded" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=187139", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=187139" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20070730-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20070730-1.txt" - }, - { - "name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1596", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1596" - }, - { - "name" : "https://issues.foresightlinux.org/browse/FL-471", - "refsource" : "CONFIRM", - "url" : "https://issues.foresightlinux.org/browse/FL-471" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1604", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1604" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=535497", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=535497" - }, - { - "name" : "DSA-1347", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1347" - }, - { - "name" : "DSA-1348", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1348" - }, - { - "name" : "DSA-1349", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1349" - }, - { - "name" : "DSA-1350", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1350" - }, - { - "name" : "DSA-1352", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1352" - }, - { - "name" : "DSA-1355", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1355" - }, - { - "name" : "DSA-1354", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1354" - }, - { - "name" : "DSA-1357", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1357" - }, - { - "name" : "GLSA-200709-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200709-12.xml" - }, - { - "name" : "GLSA-200710-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml" - }, - { - "name" : "GLSA-200710-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-20.xml" - }, - { - "name" : "GLSA-200709-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200709-17.xml" - }, - { - "name" : "GLSA-200711-34", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml" - }, - { - "name" : "GLSA-200805-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml" - }, - { - "name" : "MDKSA-2007:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162" - }, - { - "name" : "MDKSA-2007:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158" - }, - { - "name" : "MDKSA-2007:159", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159" - }, - { - "name" : "MDKSA-2007:160", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160" - }, - { - "name" : "MDKSA-2007:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161" - }, - { - "name" : "MDKSA-2007:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163" - }, - { - "name" : "MDKSA-2007:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" - }, - { - "name" : "MDKSA-2007:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165" - }, - { - "name" : "RHSA-2007:0730", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0730.html" - }, - { - "name" : "RHSA-2007:0720", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0720.html" - }, - { - "name" : "RHSA-2007:0729", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0729.html" - }, - { - "name" : "RHSA-2007:0732", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0732.html" - }, - { - "name" : "RHSA-2007:0735", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0735.html" - }, - { - "name" : "RHSA-2007:0731", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0731.html" - }, - { - "name" : "20070801-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc" - }, - { - "name" : "SSA:2007-222-05", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670" - }, - { - "name" : "SSA:2007-316-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "SUSE-SR:2007:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_16_sr.html" - }, - { - "name" : "USN-496-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-496-1" - }, - { - "name" : "USN-496-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-496-2" - }, - { - "name" : "25124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25124" - }, - { - "name" : "oval:org.mitre.oval:def:11149", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149" - }, - { - "name" : "ADV-2007-2704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2704" - }, - { - "name" : "ADV-2007-2705", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2705" - }, - { - "name" : "40127", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40127" - }, - { - "name" : "1018473", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018473" - }, - { - "name" : "26188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26188" - }, - { - "name" : "26254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26254" - }, - { - "name" : "26255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26255" - }, - { - "name" : "26257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26257" - }, - { - "name" : "26278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26278" - }, - { - "name" : "26281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26281" - }, - { - "name" : "26283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26283" - }, - { - "name" : "26251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26251" - }, - { - "name" : "26293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26293" - }, - { - "name" : "26292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26292" - }, - { - "name" : "26307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26307" - }, - { - "name" : "26318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26318" - }, - { - "name" : "26342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26342" - }, - { - "name" : "26297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26297" - }, - { - "name" : "26343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26343" - }, - { - "name" : "26358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26358" - }, - { - "name" : "26325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26325" - }, - { - "name" : "26365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26365" - }, - { - "name" : "26370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26370" - }, - { - "name" : "26413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26413" - }, - { - "name" : "26410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26410" - }, - { - "name" : "26403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26403" - }, - { - "name" : "26405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26405" - }, - { - "name" : "26407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26407" - }, - { - "name" : "26432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26432" - }, - { - "name" : "26436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26436" - }, - { - "name" : "26467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26467" - }, - { - "name" : "26468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26468" - }, - { - "name" : "26470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26470" - }, - { - "name" : "26425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26425" - }, - { - "name" : "26395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26395" - }, - { - "name" : "26514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26514" - }, - { - "name" : "26607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26607" - }, - { - "name" : "26862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26862" - }, - { - "name" : "27156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27156" - }, - { - "name" : "27281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27281" - }, - { - "name" : "27308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27308" - }, - { - "name" : "27637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27637" - }, - { - "name" : "26627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26627" - }, - { - "name" : "26982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26982" - }, - { - "name" : "30168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:0730", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html" + }, + { + "name": "USN-496-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-496-1" + }, + { + "name": "DSA-1355", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1355" + }, + { + "name": "ADV-2007-2705", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2705" + }, + { + "name": "SUSE-SR:2007:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html" + }, + { + "name": "MDKSA-2007:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1596", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1596" + }, + { + "name": "MDKSA-2007:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165" + }, + { + "name": "26307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26307" + }, + { + "name": "MDKSA-2007:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158" + }, + { + "name": "DSA-1350", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1350" + }, + { + "name": "20070814 FLEA-2007-0045-1 poppler", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded" + }, + { + "name": "26468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26468" + }, + { + "name": "20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded" + }, + { + "name": "26982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26982" + }, + { + "name": "26254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26254" + }, + { + "name": "26370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26370" + }, + { + "name": "DSA-1348", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1348" + }, + { + "name": "26325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26325" + }, + { + "name": "26413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26413" + }, + { + "name": "DSA-1352", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1352" + }, + { + "name": "GLSA-200710-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml" + }, + { + "name": "DSA-1354", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1354" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1604", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1604" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=535497", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=535497" + }, + { + "name": "USN-496-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-496-2" + }, + { + "name": "MDKSA-2007:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163" + }, + { + "name": "http://www.kde.org/info/security/advisory-20070730-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20070730-1.txt" + }, + { + "name": "RHSA-2007:0731", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html" + }, + { + "name": "40127", + "refsource": "OSVDB", + "url": "http://osvdb.org/40127" + }, + { + "name": "26862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26862" + }, + { + "name": "GLSA-200805-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml" + }, + { + "name": "26281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26281" + }, + { + "name": "RHSA-2007:0720", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html" + }, + { + "name": "GLSA-200709-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200709-12.xml" + }, + { + "name": "25124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25124" + }, + { + "name": "26514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26514" + }, + { + "name": "26467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26467" + }, + { + "name": "SSA:2007-316-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882" + }, + { + "name": "26432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26432" + }, + { + "name": "26410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26410" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=187139", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=187139" + }, + { + "name": "26607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26607" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm" + }, + { + "name": "30168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30168" + }, + { + "name": "26358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26358" + }, + { + "name": "26365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26365" + }, + { + "name": "26627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26627" + }, + { + "name": "26293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26293" + }, + { + "name": "26283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26283" + }, + { + "name": "MDKSA-2007:159", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159" + }, + { + "name": "27308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27308" + }, + { + "name": "MDKSA-2007:160", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160" + }, + { + "name": "DSA-1357", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1357" + }, + { + "name": "GLSA-200709-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200709-17.xml" + }, + { + "name": "26403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26403" + }, + { + "name": "RHSA-2007:0732", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html" + }, + { + "name": "DSA-1349", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1349" + }, + { + "name": "26251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26251" + }, + { + "name": "oval:org.mitre.oval:def:11149", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149" + }, + { + "name": "26292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26292" + }, + { + "name": "MDKSA-2007:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161" + }, + { + "name": "26342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26342" + }, + { + "name": "26257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26257" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194" + }, + { + "name": "26395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26395" + }, + { + "name": "SSA:2007-222-05", + "refsource": "SLACKWARE", + "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670" + }, + { + "name": "MDKSA-2007:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162" + }, + { + "name": "GLSA-200711-34", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml" + }, + { + "name": "1018473", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018473" + }, + { + "name": "RHSA-2007:0729", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html" + }, + { + "name": "26188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26188" + }, + { + "name": "26278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26278" + }, + { + "name": "26425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26425" + }, + { + "name": "GLSA-200710-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-20.xml" + }, + { + "name": "ADV-2007-2704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2704" + }, + { + "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch" + }, + { + "name": "DSA-1347", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1347" + }, + { + "name": "RHSA-2007:0735", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html" + }, + { + "name": "20070816 FLEA-2007-0046-1 cups", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded" + }, + { + "name": "27281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27281" + }, + { + "name": "20070801-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc" + }, + { + "name": "https://issues.foresightlinux.org/browse/FL-471", + "refsource": "CONFIRM", + "url": "https://issues.foresightlinux.org/browse/FL-471" + }, + { + "name": "26436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26436" + }, + { + "name": "26343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26343" + }, + { + "name": "26407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26407" + }, + { + "name": "26255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26255" + }, + { + "name": "27156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27156" + }, + { + "name": "26318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26318" + }, + { + "name": "26470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26470" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "26297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26297" + }, + { + "name": "26405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26405" + }, + { + "name": "27637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27637" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3430.json b/2007/3xxx/CVE-2007-3430.json index b7f3feb3cbb..edf83b05678 100644 --- a/2007/3xxx/CVE-2007-3430.json +++ b/2007/3xxx/CVE-2007-3430.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4098", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4098" - }, - { - "name" : "24601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24601" - }, - { - "name" : "ADV-2007-2310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2310" - }, - { - "name" : "36293", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36293" - }, - { - "name" : "25789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25789" - }, - { - "name" : "simpleinvoices-index-sql-injection(35021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simpleinvoices-index-sql-injection(35021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35021" + }, + { + "name": "25789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25789" + }, + { + "name": "ADV-2007-2310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2310" + }, + { + "name": "4098", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4098" + }, + { + "name": "36293", + "refsource": "OSVDB", + "url": "http://osvdb.org/36293" + }, + { + "name": "24601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24601" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3744.json b/2007/3xxx/CVE-2007-3744.json index 75860c5a864..3f80b42a96e 100644 --- a/2007/3xxx/CVE-2007-3744.json +++ b/2007/3xxx/CVE-2007-3744.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070807 Apple Mac OS X mDNSResponder HTTP Request Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=306172", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=306172" - }, - { - "name" : "APPLE-SA-2007-07-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" - }, - { - "name" : "25159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25159" - }, - { - "name" : "ADV-2007-2732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2732" - }, - { - "name" : "1018488", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018488" - }, - { - "name" : "26235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26235" - }, - { - "name" : "macos-mdnsresponder-bo(35733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2732" + }, + { + "name": "macos-mdnsresponder-bo(35733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35733" + }, + { + "name": "APPLE-SA-2007-07-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" + }, + { + "name": "1018488", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018488" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=306172", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=306172" + }, + { + "name": "25159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25159" + }, + { + "name": "20070807 Apple Mac OS X mDNSResponder HTTP Request Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573" + }, + { + "name": "26235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26235" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3879.json b/2007/3xxx/CVE-2007-3879.json index 2ed5d33b165..61ab9e795c7 100644 --- a/2007/3xxx/CVE-2007-3879.json +++ b/2007/3xxx/CVE-2007-3879.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3879", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3879", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3964.json b/2007/3xxx/CVE-2007-3964.json index 43d85456c48..5ac8f4ec06e 100644 --- a/2007/3xxx/CVE-2007-3964.json +++ b/2007/3xxx/CVE-2007-3964.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.jardinpresente.com.ar/trac/itaka/ticket/20", - "refsource" : "CONFIRM", - "url" : "http://www.jardinpresente.com.ar/trac/itaka/ticket/20" - }, - { - "name" : "24985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24985" - }, - { - "name" : "38278", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38278" - }, - { - "name" : "26146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jardinpresente.com.ar/trac/itaka/ticket/20", + "refsource": "CONFIRM", + "url": "http://www.jardinpresente.com.ar/trac/itaka/ticket/20" + }, + { + "name": "26146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26146" + }, + { + "name": "38278", + "refsource": "OSVDB", + "url": "http://osvdb.org/38278" + }, + { + "name": "24985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24985" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4077.json b/2007/4xxx/CVE-2007-4077.json index 62d6c9e10ba..6f0b7429358 100644 --- a/2007/4xxx/CVE-2007-4077.json +++ b/2007/4xxx/CVE-2007-4077.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" - }, - { - "name" : "37277", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37277" - }, - { - "name" : "37278", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37278" - }, - { - "name" : "37279", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37279" - }, - { - "name" : "37280", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37280" - }, - { - "name" : "37281", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37281" - }, - { - "name" : "37282", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37282" - }, - { - "name" : "37283", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37283" - }, - { - "name" : "37284", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37283", + "refsource": "OSVDB", + "url": "http://osvdb.org/37283" + }, + { + "name": "37278", + "refsource": "OSVDB", + "url": "http://osvdb.org/37278" + }, + { + "name": "37284", + "refsource": "OSVDB", + "url": "http://osvdb.org/37284" + }, + { + "name": "37281", + "refsource": "OSVDB", + "url": "http://osvdb.org/37281" + }, + { + "name": "37282", + "refsource": "OSVDB", + "url": "http://osvdb.org/37282" + }, + { + "name": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" + }, + { + "name": "37279", + "refsource": "OSVDB", + "url": "http://osvdb.org/37279" + }, + { + "name": "37277", + "refsource": "OSVDB", + "url": "http://osvdb.org/37277" + }, + { + "name": "37280", + "refsource": "OSVDB", + "url": "http://osvdb.org/37280" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4180.json b/2007/4xxx/CVE-2007-4180.json index 17d8241c154..dc1ed059b86 100644 --- a/2007/4xxx/CVE-2007-4180.json +++ b/2007/4xxx/CVE-2007-4180.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475323/100/0/threaded" - }, - { - "name" : "http://outlaw.aria-security.info/?p=12", - "refsource" : "MISC", - "url" : "http://outlaw.aria-security.info/?p=12" - }, - { - "name" : "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-August/001752.html" - }, - { - "name" : "2973", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2973" - }, - { - "name" : "pluck-theme-directory-traversal(35757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pluck-theme-directory-traversal(35757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35757" + }, + { + "name": "2973", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2973" + }, + { + "name": "20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-August/001752.html" + }, + { + "name": "20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475323/100/0/threaded" + }, + { + "name": "http://outlaw.aria-security.info/?p=12", + "refsource": "MISC", + "url": "http://outlaw.aria-security.info/?p=12" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4429.json b/2007/4xxx/CVE-2007-4429.json index ff1f2b2c621..e4d54100134 100644 --- a/2007/4xxx/CVE-2007-4429.json +++ b/2007/4xxx/CVE-2007-4429.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070817 Skype Network Remote DoS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476942/100/0/threaded" - }, - { - "name" : "20070820 RE: Skype Network Remote DoS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477178/100/0/threaded" - }, - { - "name" : "20070820 Re: Skype Network Remote DoS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477156/100/0/threaded" - }, - { - "name" : "20070820 Re[2]: Skype Network Remote DoS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477240/100/0/threaded" - }, - { - "name" : "http://en.securitylab.ru/poc/301420.php", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/poc/301420.php" - }, - { - "name" : "http://en.securitylab.ru/poc/extra/301419.php", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/poc/extra/301419.php" - }, - { - "name" : "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html", - "refsource" : "MISC", - "url" : "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html" - }, - { - "name" : "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html", - "refsource" : "MISC", - "url" : "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html" - }, - { - "name" : "http://www.securitylab.ru/news/301422.php", - "refsource" : "MISC", - "url" : "http://www.securitylab.ru/news/301422.php" - }, - { - "name" : "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates", - "refsource" : "MISC", - "url" : "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates" - }, - { - "name" : "3032", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a \"call to a specific number.\" NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the \"sign-on issues\" that reduced Skype service on 20070817, which appears to be a site-specific problem. As of 20070821, it is not clear whether this issue is simply a symptom of the larger sign-on problem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070820 Re: Skype Network Remote DoS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477156/100/0/threaded" + }, + { + "name": "20070820 Re[2]: Skype Network Remote DoS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477240/100/0/threaded" + }, + { + "name": "3032", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3032" + }, + { + "name": "http://en.securitylab.ru/poc/extra/301419.php", + "refsource": "MISC", + "url": "http://en.securitylab.ru/poc/extra/301419.php" + }, + { + "name": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html", + "refsource": "MISC", + "url": "http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html" + }, + { + "name": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates", + "refsource": "MISC", + "url": "http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates" + }, + { + "name": "http://www.securitylab.ru/news/301422.php", + "refsource": "MISC", + "url": "http://www.securitylab.ru/news/301422.php" + }, + { + "name": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html", + "refsource": "MISC", + "url": "http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html" + }, + { + "name": "http://en.securitylab.ru/poc/301420.php", + "refsource": "MISC", + "url": "http://en.securitylab.ru/poc/301420.php" + }, + { + "name": "20070820 RE: Skype Network Remote DoS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477178/100/0/threaded" + }, + { + "name": "20070817 Skype Network Remote DoS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476942/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4527.json b/2007/4xxx/CVE-2007-4527.json index 71433188aae..1feb65990ab 100644 --- a/2007/4xxx/CVE-2007-4527.json +++ b/2007/4xxx/CVE-2007-4527.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25405" - }, - { - "name" : "45829", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25405" + }, + { + "name": "45829", + "refsource": "OSVDB", + "url": "http://osvdb.org/45829" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4678.json b/2007/4xxx/CVE-2007-4678.json index 656ab0e198d..e79a0d94b30 100644 --- a/2007/4xxx/CVE-2007-4678.json +++ b/2007/4xxx/CVE-2007-4678.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307041", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307041" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" - }, - { - "name" : "TA07-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" - }, - { - "name" : "26444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26444" - }, - { - "name" : "ADV-2007-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3868" - }, - { - "name" : "1018950", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018950" - }, - { - "name" : "27643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27643" - }, - { - "name" : "macosx-appleraid-striped-dos(38461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018950", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018950" + }, + { + "name": "26444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26444" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307041", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307041" + }, + { + "name": "ADV-2007-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3868" + }, + { + "name": "27643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27643" + }, + { + "name": "TA07-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" + }, + { + "name": "macosx-appleraid-striped-dos(38461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38461" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4725.json b/2007/4xxx/CVE-2007-4725.json index 9259e60a424..24d2c76ea62 100644 --- a/2007/4xxx/CVE-2007-4725.json +++ b/2007/4xxx/CVE-2007-4725.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481" - }, - { - "name" : "http://akky.cjb.net/security/7-zip3.txt", - "refsource" : "CONFIRM", - "url" : "http://akky.cjb.net/security/7-zip3.txt" - }, - { - "name" : "JVN#62868899", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2362868899/index.html" - }, - { - "name" : "25545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25545" - }, - { - "name" : "ADV-2007-3086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3086" - }, - { - "name" : "40482", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40482" - }, - { - "name" : "26624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26624" - }, - { - "name" : "akkywarehouse-zip-bo(36459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26624" + }, + { + "name": "JVN#62868899", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2362868899/index.html" + }, + { + "name": "25545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25545" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481" + }, + { + "name": "40482", + "refsource": "OSVDB", + "url": "http://osvdb.org/40482" + }, + { + "name": "http://akky.cjb.net/security/7-zip3.txt", + "refsource": "CONFIRM", + "url": "http://akky.cjb.net/security/7-zip3.txt" + }, + { + "name": "ADV-2007-3086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3086" + }, + { + "name": "akkywarehouse-zip-bo(36459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36459" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4737.json b/2007/4xxx/CVE-2007-4737.json index ced0bf97c99..af9c0f2d612 100644 --- a/2007/4xxx/CVE-2007-4737.json +++ b/2007/4xxx/CVE-2007-4737.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4358", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4358" - }, - { - "name" : "25525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25525" - }, - { - "name" : "ADV-2007-3092", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3092" - }, - { - "name" : "38929", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38929" - }, - { - "name" : "38930", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38930" - }, - { - "name" : "38931", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38931" - }, - { - "name" : "26658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26658" - }, - { - "name" : "speedtech-stphplibdir-file-include(36416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38929", + "refsource": "OSVDB", + "url": "http://osvdb.org/38929" + }, + { + "name": "38930", + "refsource": "OSVDB", + "url": "http://osvdb.org/38930" + }, + { + "name": "4358", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4358" + }, + { + "name": "25525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25525" + }, + { + "name": "speedtech-stphplibdir-file-include(36416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36416" + }, + { + "name": "38931", + "refsource": "OSVDB", + "url": "http://osvdb.org/38931" + }, + { + "name": "ADV-2007-3092", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3092" + }, + { + "name": "26658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26658" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6020.json b/2007/6xxx/CVE-2007-6020.json index 3fc452c6a01..79da606b46b 100644 --- a/2007/6xxx/CVE-2007-6020.json +++ b/2007/6xxx/CVE-2007-6020.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-6020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080414 Secunia Research: Autonomy Keyview Folio Flat File Parsing BufferOverflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490829/100/0/threaded" - }, - { - "name" : "20080414 Secunia Research: Lotus Notes Folio Flat File Parsing BufferOverflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490831/100/0/threaded" - }, - { - "name" : "20080414 Secunia Research: Symantec Mail Security Folio Flat File ParsingBuffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490830/100/0/threaded" - }, - { - "name" : "20080414 Secunia Research: activePDF DocConverter Folio Flat File ParsingBuffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490827/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2007-104/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-104/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2007-105/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-105/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2007-106/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-106/advisory/" - }, - { - "name" : "http://secunia.com/secunia_research/2007-107/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-107/advisory/" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html" - }, - { - "name" : "28454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28454" - }, - { - "name" : "ADV-2008-1153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1153" - }, - { - "name" : "ADV-2008-1154", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1154" - }, - { - "name" : "ADV-2008-1156", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1156" - }, - { - "name" : "1019805", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019805" - }, - { - "name" : "1019841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019841" - }, - { - "name" : "27763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27763" - }, - { - "name" : "28140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28140" - }, - { - "name" : "28209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28209" - }, - { - "name" : "28210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28210" - }, - { - "name" : "29342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29342" - }, - { - "name" : "autonomy-keyview-foliosr-bo(41716)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28140" + }, + { + "name": "http://secunia.com/secunia_research/2007-106/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-106/advisory/" + }, + { + "name": "29342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29342" + }, + { + "name": "27763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27763" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html" + }, + { + "name": "28209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28209" + }, + { + "name": "ADV-2008-1156", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1156" + }, + { + "name": "20080414 Secunia Research: activePDF DocConverter Folio Flat File ParsingBuffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490827/100/0/threaded" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453" + }, + { + "name": "28454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28454" + }, + { + "name": "http://secunia.com/secunia_research/2007-105/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-105/advisory/" + }, + { + "name": "20080414 Secunia Research: Autonomy Keyview Folio Flat File Parsing BufferOverflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490829/100/0/threaded" + }, + { + "name": "28210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28210" + }, + { + "name": "20080414 Secunia Research: Symantec Mail Security Folio Flat File ParsingBuffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490830/100/0/threaded" + }, + { + "name": "20080414 Secunia Research: Lotus Notes Folio Flat File Parsing BufferOverflows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490831/100/0/threaded" + }, + { + "name": "autonomy-keyview-foliosr-bo(41716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716" + }, + { + "name": "ADV-2008-1154", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1154" + }, + { + "name": "1019841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019841" + }, + { + "name": "1019805", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019805" + }, + { + "name": "ADV-2008-1153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1153" + }, + { + "name": "http://secunia.com/secunia_research/2007-104/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-104/advisory/" + }, + { + "name": "http://secunia.com/secunia_research/2007-107/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-107/advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6110.json b/2007/6xxx/CVE-2007-6110.json index 26372811a9f..e903f1eb968 100644 --- a/2007/6xxx/CVE-2007-6110.json +++ b/2007/6xxx/CVE-2007-6110.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev", - "refsource" : "MISC", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278" - }, - { - "name" : "DSA-1429", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1429" - }, - { - "name" : "FEDORA-2007-757", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html" - }, - { - "name" : "RHSA-2007:1095", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1095.html" - }, - { - "name" : "SUSE-SR:2007:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_25_sr.html" - }, - { - "name" : "26610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26610" - }, - { - "name" : "oval:org.mitre.oval:def:11515", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515" - }, - { - "name" : "ADV-2007-4038", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4038" - }, - { - "name" : "1019010", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019010" - }, - { - "name" : "27850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27850" - }, - { - "name" : "27890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27890" - }, - { - "name" : "28062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28062" - }, - { - "name" : "27965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27965" + }, + { + "name": "oval:org.mitre.oval:def:11515", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515" + }, + { + "name": "1019010", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019010" + }, + { + "name": "27850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27850" + }, + { + "name": "SUSE-SR:2007:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" + }, + { + "name": "ADV-2007-4038", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4038" + }, + { + "name": "RHSA-2007:1095", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1095.html" + }, + { + "name": "26610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26610" + }, + { + "name": "27890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27890" + }, + { + "name": "28062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28062" + }, + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev", + "refsource": "MISC", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev" + }, + { + "name": "FEDORA-2007-757", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html" + }, + { + "name": "DSA-1429", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1429" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6480.json b/2007/6xxx/CVE-2007-6480.json index 52f53efd783..c27d93b8c5e 100644 --- a/2007/6xxx/CVE-2007-6480.json +++ b/2007/6xxx/CVE-2007-6480.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "103152", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103152-1" - }, - { - "name" : "201508", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201508-1" - }, - { - "name" : "26948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26948" - }, - { - "name" : "ADV-2007-4268", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4268" - }, - { - "name" : "39563", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39563" - }, - { - "name" : "1019119", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019119" - }, - { - "name" : "28151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28151" - }, - { - "name" : "sunmc-smcorau-unauthorized-access(39137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28151" + }, + { + "name": "1019119", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019119" + }, + { + "name": "103152", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103152-1" + }, + { + "name": "201508", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201508-1" + }, + { + "name": "26948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26948" + }, + { + "name": "sunmc-smcorau-unauthorized-access(39137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39137" + }, + { + "name": "39563", + "refsource": "OSVDB", + "url": "http://osvdb.org/39563" + }, + { + "name": "ADV-2007-4268", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4268" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6548.json b/2007/6xxx/CVE-2007-6548.json index 3b33744a5c6..37fae44ec03 100644 --- a/2007/6xxx/CVE-2007-6548.json +++ b/2007/6xxx/CVE-2007-6548.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485512/100/0/threaded" - }, - { - "name" : "4790", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4790" - }, - { - "name" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", - "refsource" : "CONFIRM", - "url" : "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" - }, - { - "name" : "27019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27019" - }, - { - "name" : "41247", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41247" - }, - { - "name" : "41248", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41248" - }, - { - "name" : "41249", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41249" - }, - { - "name" : "41250", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41250" - }, - { - "name" : "41251", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41251" - }, - { - "name" : "3493", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41250", + "refsource": "OSVDB", + "url": "http://osvdb.org/41250" + }, + { + "name": "41251", + "refsource": "OSVDB", + "url": "http://osvdb.org/41251" + }, + { + "name": "41249", + "refsource": "OSVDB", + "url": "http://osvdb.org/41249" + }, + { + "name": "41248", + "refsource": "OSVDB", + "url": "http://osvdb.org/41248" + }, + { + "name": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131", + "refsource": "CONFIRM", + "url": "http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131" + }, + { + "name": "4790", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4790" + }, + { + "name": "41247", + "refsource": "OSVDB", + "url": "http://osvdb.org/41247" + }, + { + "name": "27019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27019" + }, + { + "name": "3493", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3493" + }, + { + "name": "20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485512/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1382.json b/2010/1xxx/CVE-2010-1382.json index 8696cd95498..95f192ea4b6 100644 --- a/2010/1xxx/CVE-2010-1382.json +++ b/2010/1xxx/CVE-2010-1382.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2010-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "40871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40871" - }, - { - "name" : "1024103", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024103" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "40871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40871" + }, + { + "name": "1024103", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024103" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0352.json b/2014/0xxx/CVE-2014-0352.json index 9e0469b6a1e..7ee06999cd8 100644 --- a/2014/0xxx/CVE-2014-0352.json +++ b/2014/0xxx/CVE-2014-0352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0352", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2216. Reason: This candidate is a reservation duplicate of CVE-2014-2216. Notes: All CVE users should reference CVE-2014-2216 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0352", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2216. Reason: This candidate is a reservation duplicate of CVE-2014-2216. Notes: All CVE users should reference CVE-2014-2216 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1317.json b/2014/1xxx/CVE-2014-1317.json index 85f9cb99b1c..ae244b1f843 100644 --- a/2014/1xxx/CVE-2014-1317.json +++ b/2014/1xxx/CVE-2014-1317.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT6296", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6296" - }, - { - "name" : "APPLE-SA-2014-06-30-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" - }, - { - "name" : "1030505", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030505" - }, - { - "name" : "59475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT6296", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6296" + }, + { + "name": "1030505", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030505" + }, + { + "name": "APPLE-SA-2014-06-30-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" + }, + { + "name": "59475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59475" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1670.json b/2014/1xxx/CVE-2014-1670.json index 30ee9c012c6..0f910a68497 100644 --- a/2014/1xxx/CVE-2014-1670.json +++ b/2014/1xxx/CVE-2014-1670.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/", - "refsource" : "MISC", - "url" : "http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/" - }, - { - "name" : "http://www.youtube.com/watch?v=_j1RKtTxZ3k", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=_j1RKtTxZ3k" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.microsoft.bing", - "refsource" : "MISC", - "url" : "https://play.google.com/store/apps/details?id=com.microsoft.bing" - }, - { - "name" : "65128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65128" - }, - { - "name" : "102575", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102575" - }, - { - "name" : "ms-bing-cve20141670-code-exec(90977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/", + "refsource": "MISC", + "url": "http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/" + }, + { + "name": "http://www.youtube.com/watch?v=_j1RKtTxZ3k", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=_j1RKtTxZ3k" + }, + { + "name": "102575", + "refsource": "OSVDB", + "url": "http://osvdb.org/102575" + }, + { + "name": "ms-bing-cve20141670-code-exec(90977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90977" + }, + { + "name": "65128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65128" + }, + { + "name": "https://play.google.com/store/apps/details?id=com.microsoft.bing", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=com.microsoft.bing" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1829.json b/2014/1xxx/CVE-2014-1829.json index 4793ae5ba02..cd38531d009 100644 --- a/2014/1xxx/CVE-2014-1829.json +++ b/2014/1xxx/CVE-2014-1829.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108" - }, - { - "name" : "https://github.com/kennethreitz/requests/issues/1885", - "refsource" : "CONFIRM", - "url" : "https://github.com/kennethreitz/requests/issues/1885" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0409.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0409.html" - }, - { - "name" : "DSA-3146", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3146" - }, - { - "name" : "MDVSA-2015:133", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" - }, - { - "name" : "USN-2382-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2382-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108" + }, + { + "name": "MDVSA-2015:133", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133" + }, + { + "name": "USN-2382-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2382-1" + }, + { + "name": "https://github.com/kennethreitz/requests/issues/1885", + "refsource": "CONFIRM", + "url": "https://github.com/kennethreitz/requests/issues/1885" + }, + { + "name": "DSA-3146", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3146" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0409.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0409.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5068.json b/2014/5xxx/CVE-2014-5068.json index 1c39df1d59b..6effc85d46d 100644 --- a/2014/5xxx/CVE-2014-5068.json +++ b/2014/5xxx/CVE-2014-5068.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\\ (dot dot forward slash) before a file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\\ (dot dot forward slash) before a file name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5068/" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5211.json b/2014/5xxx/CVE-2014-5211.json index 38577de3a61..9766975789e 100644 --- a/2014/5xxx/CVE-2014-5211.json +++ b/2014/5xxx/CVE-2014-5211.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-008/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-008/" - }, - { - "name" : "http://support.attachmate.com/techdocs/1708.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/1708.html" - }, - { - "name" : "http://support.attachmate.com/techdocs/2288.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2288.html" - }, - { - "name" : "http://support.attachmate.com/techdocs/2501.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2501.html" - }, - { - "name" : "http://support.attachmate.com/techdocs/2502.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2502.html" - }, - { - "name" : "62467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.attachmate.com/techdocs/1708.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/1708.html" + }, + { + "name": "http://support.attachmate.com/techdocs/2501.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2501.html" + }, + { + "name": "http://support.attachmate.com/techdocs/2502.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2502.html" + }, + { + "name": "62467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62467" + }, + { + "name": "http://support.attachmate.com/techdocs/2288.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2288.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-008/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-008/" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5405.json b/2014/5xxx/CVE-2014-5405.json index b010799d99c..5e9e5aec48d 100644 --- a/2014/5xxx/CVE-2014-5405.json +++ b/2014/5xxx/CVE-2014-5405.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5555.json b/2014/5xxx/CVE-2014-5555.json index 82ded0d4ced..a3d5f118000 100644 --- a/2014/5xxx/CVE-2014-5555.json +++ b/2014/5xxx/CVE-2014-5555.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#409577", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/409577" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#409577", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/409577" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5985.json b/2014/5xxx/CVE-2014-5985.json index fc4450c35be..8ef65b0a496 100644 --- a/2014/5xxx/CVE-2014-5985.json +++ b/2014/5xxx/CVE-2014-5985.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#566921", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/566921" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#566921", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/566921" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2507.json b/2015/2xxx/CVE-2015-2507.json index 4b21b8ed487..2f28df16901 100644 --- a/2015/2xxx/CVE-2015-2507.json +++ b/2015/2xxx/CVE-2015-2507.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka \"Font Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2512." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38279", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38279/" - }, - { - "name" : "MS15-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097" - }, - { - "name" : "76591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76591" - }, - { - "name" : "1033485", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka \"Font Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2512." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033485", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033485" + }, + { + "name": "76591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76591" + }, + { + "name": "MS15-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097" + }, + { + "name": "38279", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38279/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2537.json b/2015/2xxx/CVE-2015-2537.json index 74a158da670..520834bbe79 100644 --- a/2015/2xxx/CVE-2015-2537.json +++ b/2015/2xxx/CVE-2015-2537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2537", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2537", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2915.json b/2015/2xxx/CVE-2015-2915.json index 1628bf920ff..c611eb47bb1 100644 --- a/2015/2xxx/CVE-2015-2915.json +++ b/2015/2xxx/CVE-2015-2915.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#906576", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/906576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#906576", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/906576" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2990.json b/2015/2xxx/CVE-2015-2990.json index 49a0e838efe..ae9601e959b 100644 --- a/2015/2xxx/CVE-2015-2990.json +++ b/2015/2xxx/CVE-2015-2990.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.desknets.com/neo/support/mainte/2590/", - "refsource" : "CONFIRM", - "url" : "http://www.desknets.com/neo/support/mainte/2590/" - }, - { - "name" : "JVN#09283606", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN09283606/index.html" - }, - { - "name" : "JVNDB-2015-000122", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000122", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000122" + }, + { + "name": "JVN#09283606", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN09283606/index.html" + }, + { + "name": "http://www.desknets.com/neo/support/mainte/2590/", + "refsource": "CONFIRM", + "url": "http://www.desknets.com/neo/support/mainte/2590/" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6113.json b/2015/6xxx/CVE-2015-6113.json index 3a0e8ab6124..7dea690bc01 100644 --- a/2015/6xxx/CVE-2015-6113.json +++ b/2015/6xxx/CVE-2015-6113.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka \"Windows Kernel Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-115", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-115" - }, - { - "name" : "1034114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka \"Windows Kernel Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-115", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-115" + }, + { + "name": "1034114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034114" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6401.json b/2015/6xxx/CVE-2015-6401.json index a30721e349d..00879f599e7 100644 --- a/2015/6xxx/CVE-2015-6401.json +++ b/2015/6xxx/CVE-2015-6401.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39904", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39904/" - }, - { - "name" : "20151208 Cisco Wireless Residential Unauthorized Command Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr" - }, - { - "name" : "1034347", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39904", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39904/" + }, + { + "name": "20151208 Cisco Wireless Residential Unauthorized Command Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr" + }, + { + "name": "1034347", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034347" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6965.json b/2015/6xxx/CVE-2015-6965.json index 9ec4d5d3116..dbb3ac10a01 100644 --- a/2015/6xxx/CVE-2015-6965.json +++ b/2015/6xxx/CVE-2015-6965.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38086", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38086/" - }, - { - "name" : "http://packetstormsecurity.com/files/133463/WordPress-Contact-Form-Generator-2.0.1-CSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133463/WordPress-Contact-Form-Generator-2.0.1-CSRF.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8176", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8176", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8176" + }, + { + "name": "http://packetstormsecurity.com/files/133463/WordPress-Contact-Form-Generator-2.0.1-CSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133463/WordPress-Contact-Form-Generator-2.0.1-CSRF.html" + }, + { + "name": "38086", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38086/" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0909.json b/2016/0xxx/CVE-2016-0909.json index f8db964ed25..3ae2d0f0721 100644 --- a/2016/0xxx/CVE-2016-0909.json +++ b/2016/0xxx/CVE-2016-0909.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2016-0909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Privilege Management" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2016-0909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older", + "version": { + "version_data": [ + { + "version_value": "EMC Avamar Data Store (ADS) versions 7.3.0 and older, Avamar Virtual Edition (AVE) versions 7.3.0 and older" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/539613", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/539613" - }, - { - "name" : "93788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93788" - }, - { - "name" : "1037066", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037066", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037066" + }, + { + "name": "http://www.securityfocus.com/archive/1/539613", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/539613" + }, + { + "name": "93788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93788" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000112.json b/2016/1000xxx/CVE-2016-1000112.json index 8532314e916..d22b1a5f314 100644 --- a/2016/1000xxx/CVE-2016-1000112.json +++ b/2016/1000xxx/CVE-2016-1000112.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=163", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=163" - }, - { - "name" : "93967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93967" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=163", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=163" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10451.json b/2016/10xxx/CVE-2016-10451.json index e26f339df9c..cde3a8de517 100644 --- a/2016/10xxx/CVE-2016-10451.json +++ b/2016/10xxx/CVE-2016-10451.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, privilege escalation may occur due to inherently insecure treatment of local files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary command execution due to privilege escalation in mobileap_v2" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, privilege escalation may occur due to inherently insecure treatment of local files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary command execution due to privilege escalation in mobileap_v2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10576.json b/2016/10xxx/CVE-2016-10576.json index 9d1b2fa0827..4cb8263546d 100644 --- a/2016/10xxx/CVE-2016-10576.json +++ b/2016/10xxx/CVE-2016-10576.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "fuseki node module", - "version" : { - "version_data" : [ - { - "version_value" : "<1.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "fuseki node module", + "version": { + "version_data": [ + { + "version_value": "<1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/278", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/278", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/278" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10659.json b/2016/10xxx/CVE-2016-10659.json index 55001068e5d..f386c74ae88 100644 --- a/2016/10xxx/CVE-2016-10659.json +++ b/2016/10xxx/CVE-2016-10659.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "poco node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "poco node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/271", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/271", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/271" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4085.json b/2016/4xxx/CVE-2016-4085.json index 03e4d1f606c..c1ce1dfa96d 100644 --- a/2016/4xxx/CVE-2016-4085.json +++ b/2016/4xxx/CVE-2016-4085.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2016-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2016-28.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3585", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3585" - }, - { - "name" : "87467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/87467" - }, - { - "name" : "1035685", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2016-28.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2016-28.html" + }, + { + "name": "1035685", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035685" + }, + { + "name": "DSA-3585", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3585" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293" + }, + { + "name": "87467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/87467" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4268.json b/2016/4xxx/CVE-2016-4268.json index 129432a5112..fcb013487b3 100644 --- a/2016/4xxx/CVE-2016-4268.json +++ b/2016/4xxx/CVE-2016-4268.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4269, and CVE-2016-4270." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-492", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-492" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html" - }, - { - "name" : "92643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4269, and CVE-2016-4270." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-492", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-492" + }, + { + "name": "92643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92643" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4308.json b/2016/4xxx/CVE-2016-4308.json index 050c91f32a7..0378c2f75a1 100644 --- a/2016/4xxx/CVE-2016-4308.json +++ b/2016/4xxx/CVE-2016-4308.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4308", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4308", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4463.json b/2016/4xxx/CVE-2016-4463.json index 74559418e6c..9fdf6765883 100644 --- a/2016/4xxx/CVE-2016-4463.json +++ b/2016/4xxx/CVE-2016-4463.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538784/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/XERCESC-2069", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/XERCESC-2069" - }, - { - "name" : "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069" - }, - { - "name" : "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt", - "refsource" : "CONFIRM", - "url" : "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3610", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2016/dsa-3610" - }, - { - "name" : "RHSA-2018:3335", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3335" - }, - { - "name" : "RHSA-2018:3506", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3506" - }, - { - "name" : "RHSA-2018:3514", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3514" - }, - { - "name" : "openSUSE-SU-2016:2232", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:1808", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html" - }, - { - "name" : "91501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91501" - }, - { - "name" : "1036211", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://issues.apache.org/jira/browse/XERCESC-2069", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/XERCESC-2069" + }, + { + "name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069" + }, + { + "name": "RHSA-2018:3335", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3335" + }, + { + "name": "DSA-3610", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2016/dsa-3610" + }, + { + "name": "1036211", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036211" + }, + { + "name": "openSUSE-SU-2016:2232", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html" + }, + { + "name": "RHSA-2018:3506", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3506" + }, + { + "name": "RHSA-2018:3514", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3514" + }, + { + "name": "91501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91501" + }, + { + "name": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt", + "refsource": "CONFIRM", + "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt" + }, + { + "name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html" + }, + { + "name": "openSUSE-SU-2016:1808", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4533.json b/2016/4xxx/CVE-2016-4533.json index 35a44a4f81b..363bea4dda2 100644 --- a/2016/4xxx/CVE-2016-4533.json +++ b/2016/4xxx/CVE-2016-4533.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01" - }, - { - "name" : "91522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91522" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4942.json b/2016/4xxx/CVE-2016-4942.json index a051f91ad48..7f69b56c0a7 100644 --- a/2016/4xxx/CVE-2016-4942.json +++ b/2016/4xxx/CVE-2016-4942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8652.json b/2016/8xxx/CVE-2016-8652.json index 663cb479fc2..6676878ff6c 100644 --- a/2016/8xxx/CVE-2016-8652.json +++ b/2016/8xxx/CVE-2016-8652.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-8652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-8652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot-news] 20161203 v2.2.27 released", - "refsource" : "MLIST", - "url" : "http://dovecot.org/pipermail/dovecot-news/2016-December/000333.html" - }, - { - "name" : "[oss-security] 20161202 Important vulnerability in Dovecot (CVE-2016-8652)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/02/4" - }, - { - "name" : "[oss-security] 20161205 Re: Important vulnerability in Dovecot (CVE-2016-8652)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/05/12" - }, - { - "name" : "94639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94639" + }, + { + "name": "[oss-security] 20161202 Important vulnerability in Dovecot (CVE-2016-8652)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/02/4" + }, + { + "name": "[dovecot-news] 20161203 v2.2.27 released", + "refsource": "MLIST", + "url": "http://dovecot.org/pipermail/dovecot-news/2016-December/000333.html" + }, + { + "name": "[oss-security] 20161205 Re: Important vulnerability in Dovecot (CVE-2016-8652)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/05/12" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8839.json b/2016/8xxx/CVE-2016-8839.json index e8825f9ea22..f0b8ed6d15a 100644 --- a/2016/8xxx/CVE-2016-8839.json +++ b/2016/8xxx/CVE-2016-8839.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8839", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8839", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9160.json b/2016/9xxx/CVE-2016-9160.json index 60d2ff9c1ca..6a514947dac 100644 --- a/2016/9xxx/CVE-2016-9160.json +++ b/2016/9xxx/CVE-2016-9160.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2016-9160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1)", - "version" : { - "version_data" : [ - { - "version_value" : "SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-111: Direct Use of Unsafe JNI" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2016-9160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1)", + "version": { + "version_data": [ + { + "version_value": "SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf" - }, - { - "name" : "94825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94825" - }, - { - "name" : "1037435", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-111: Direct Use of Unsafe JNI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf" + }, + { + "name": "1037435", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037435" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04" + }, + { + "name": "94825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94825" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9216.json b/2016/9xxx/CVE-2016-9216.json index 576dbaf1c28..69ad675972d 100644 --- a/2016/9xxx/CVE-2016-9216.json +++ b/2016/9xxx/CVE-2016-9216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-9216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco ASR 5000 Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco ASR 5000 Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-9216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco ASR 5000 Software", + "version": { + "version_data": [ + { + "version_value": "Cisco ASR 5000 Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr" - }, - { - "name" : "95629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95629" - }, - { - "name" : "1037652", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037652" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr" + }, + { + "name": "95629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95629" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9381.json b/2016/9xxx/CVE-2016-9381.json index a7d55be3904..a1e64f13741 100644 --- a/2016/9xxx/CVE-2016-9381.json +++ b/2016/9xxx/CVE-2016-9381.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-197.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-197.html" - }, - { - "name" : "https://support.citrix.com/article/CTX218775", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX218775" - }, - { - "name" : "GLSA-201612-56", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-56" - }, - { - "name" : "94476", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94476" - }, - { - "name" : "1037344", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/advisory-197.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-197.html" + }, + { + "name": "GLSA-201612-56", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-56" + }, + { + "name": "94476", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94476" + }, + { + "name": "https://support.citrix.com/article/CTX218775", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX218775" + }, + { + "name": "1037344", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037344" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9733.json b/2016/9xxx/CVE-2016-9733.json index f799c527913..e9bdb6d69cf 100644 --- a/2016/9xxx/CVE-2016-9733.json +++ b/2016/9xxx/CVE-2016-9733.json @@ -1,126 +1,126 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2016-9733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Team Concert", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.0.1" - }, - { - "version_value" : "4.0.0.2" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2016-9733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Team Concert", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.0.1" + }, + { + "version_value": "4.0.0.2" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004611", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004611" - }, - { - "name" : "99352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99352" - }, - { - "name" : "1038912", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119762" + }, + { + "name": "99352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99352" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004611", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004611" + }, + { + "name": "1038912", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038912" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9737.json b/2016/9xxx/CVE-2016-9737.json index 385f939e477..f941115d1d7 100644 --- a/2016/9xxx/CVE-2016-9737.json +++ b/2016/9xxx/CVE-2016-9737.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-9737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TRIRIGA Application Platform", - "version" : { - "version_data" : [ - { - "version_value" : "3.2" - }, - { - "version_value" : "3.2.1" - }, - { - "version_value" : "3.1" - }, - { - "version_value" : "3.0" - }, - { - "version_value" : "3.3" - }, - { - "version_value" : "3.3.1" - }, - { - "version_value" : "3.3.2" - }, - { - "version_value" : "3.4" - }, - { - "version_value" : "3.4.1" - }, - { - "version_value" : "3.4.2" - }, - { - "version_value" : "3.5" - }, - { - "version_value" : "3.5.1" - }, - { - "version_value" : "3.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-9737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TRIRIGA Application Platform", + "version": { + "version_data": [ + { + "version_value": "3.2" + }, + { + "version_value": "3.2.1" + }, + { + "version_value": "3.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.3" + }, + { + "version_value": "3.3.1" + }, + { + "version_value": "3.3.2" + }, + { + "version_value": "3.4" + }, + { + "version_value": "3.4.1" + }, + { + "version_value": "3.4.2" + }, + { + "version_value": "3.5" + }, + { + "version_value": "3.5.1" + }, + { + "version_value": "3.5.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21996200", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21996200" - }, - { - "name" : "97064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21996200", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21996200" + }, + { + "name": "97064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97064" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9780.json b/2016/9xxx/CVE-2016-9780.json index 7a210ce1b79..3341b6cc20d 100644 --- a/2016/9xxx/CVE-2016-9780.json +++ b/2016/9xxx/CVE-2016-9780.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9780", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9780", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2100.json b/2019/2xxx/CVE-2019-2100.json index 6cc735c6cb7..c5d24244895 100644 --- a/2019/2xxx/CVE-2019-2100.json +++ b/2019/2xxx/CVE-2019-2100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2276.json b/2019/2xxx/CVE-2019-2276.json index 0b044dc93f2..42503c3ae45 100644 --- a/2019/2xxx/CVE-2019-2276.json +++ b/2019/2xxx/CVE-2019-2276.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2276", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2276", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2302.json b/2019/2xxx/CVE-2019-2302.json index 940b6f3e485..10c7c97a4f3 100644 --- a/2019/2xxx/CVE-2019-2302.json +++ b/2019/2xxx/CVE-2019-2302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2302", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2302", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2975.json b/2019/2xxx/CVE-2019-2975.json index dfe98cc0601..c33ebbe1961 100644 --- a/2019/2xxx/CVE-2019-2975.json +++ b/2019/2xxx/CVE-2019-2975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2975", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2975", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2976.json b/2019/2xxx/CVE-2019-2976.json index a93e068c7ca..13e0c71918c 100644 --- a/2019/2xxx/CVE-2019-2976.json +++ b/2019/2xxx/CVE-2019-2976.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2976", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2976", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3197.json b/2019/3xxx/CVE-2019-3197.json index f3e06d20aee..f3291363859 100644 --- a/2019/3xxx/CVE-2019-3197.json +++ b/2019/3xxx/CVE-2019-3197.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3197", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3561.json b/2019/3xxx/CVE-2019-3561.json index 7892dbd5483..35c30d41c3a 100644 --- a/2019/3xxx/CVE-2019-3561.json +++ b/2019/3xxx/CVE-2019-3561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3895.json b/2019/3xxx/CVE-2019-3895.json index f1387ac2bc4..a2fd1b48348 100644 --- a/2019/3xxx/CVE-2019-3895.json +++ b/2019/3xxx/CVE-2019-3895.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3895", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3895", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3975.json b/2019/3xxx/CVE-2019-3975.json index 889b8e62302..37e64f920cf 100644 --- a/2019/3xxx/CVE-2019-3975.json +++ b/2019/3xxx/CVE-2019-3975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3975", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3975", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3992.json b/2019/3xxx/CVE-2019-3992.json index 5f25f7e8673..8cecef7146e 100644 --- a/2019/3xxx/CVE-2019-3992.json +++ b/2019/3xxx/CVE-2019-3992.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3992", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3992", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6056.json b/2019/6xxx/CVE-2019-6056.json index b301b66ccb9..f6c2cb6c5d2 100644 --- a/2019/6xxx/CVE-2019-6056.json +++ b/2019/6xxx/CVE-2019-6056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6192.json b/2019/6xxx/CVE-2019-6192.json index 47297e61097..99de0555951 100644 --- a/2019/6xxx/CVE-2019-6192.json +++ b/2019/6xxx/CVE-2019-6192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6709.json b/2019/6xxx/CVE-2019-6709.json index 780a5fd84f7..d12274ec583 100644 --- a/2019/6xxx/CVE-2019-6709.json +++ b/2019/6xxx/CVE-2019-6709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7103.json b/2019/7xxx/CVE-2019-7103.json index afb1fcec6dd..bbe25699e41 100644 --- a/2019/7xxx/CVE-2019-7103.json +++ b/2019/7xxx/CVE-2019-7103.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7103", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7103", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7192.json b/2019/7xxx/CVE-2019-7192.json index 9dfbab723ea..aaf5327f200 100644 --- a/2019/7xxx/CVE-2019-7192.json +++ b/2019/7xxx/CVE-2019-7192.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7192", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7225.json b/2019/7xxx/CVE-2019-7225.json index 79d1732e85d..b09fe7553fa 100644 --- a/2019/7xxx/CVE-2019-7225.json +++ b/2019/7xxx/CVE-2019-7225.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7225", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7225", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7285.json b/2019/7xxx/CVE-2019-7285.json index 8f0d775f441..6f5b9849773 100644 --- a/2019/7xxx/CVE-2019-7285.json +++ b/2019/7xxx/CVE-2019-7285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7866.json b/2019/7xxx/CVE-2019-7866.json index 6b3979986a9..76962431ff5 100644 --- a/2019/7xxx/CVE-2019-7866.json +++ b/2019/7xxx/CVE-2019-7866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8166.json b/2019/8xxx/CVE-2019-8166.json index 81242b6a623..888a7424326 100644 --- a/2019/8xxx/CVE-2019-8166.json +++ b/2019/8xxx/CVE-2019-8166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8269.json b/2019/8xxx/CVE-2019-8269.json index 6708b3a7a6b..856d891783a 100644 --- a/2019/8xxx/CVE-2019-8269.json +++ b/2019/8xxx/CVE-2019-8269.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2019-03-01T00:00:00", - "ID" : "CVE-2019-8269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UltraVNC", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121: Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2019-03-01T00:00:00", + "ID": "CVE-2019-8269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UltraVNC", + "version": { + "version_data": [ + { + "version_value": "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/" + } + ] + } +} \ No newline at end of file