From 43ada57ca9161b453cc12c79848dec190b02fc2c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:50:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2088.json | 160 +++++----- 2007/2xxx/CVE-2007-2615.json | 180 ++++++------ 2007/2xxx/CVE-2007-2675.json | 190 ++++++------ 2007/2xxx/CVE-2007-2945.json | 170 +++++------ 2007/3xxx/CVE-2007-3264.json | 170 +++++------ 2007/3xxx/CVE-2007-3536.json | 170 +++++------ 2007/3xxx/CVE-2007-3896.json | 520 ++++++++++++++++----------------- 2007/6xxx/CVE-2007-6679.json | 180 ++++++------ 2007/6xxx/CVE-2007-6735.json | 130 ++++----- 2010/1xxx/CVE-2010-1435.json | 34 +-- 2010/1xxx/CVE-2010-1779.json | 34 +-- 2010/5xxx/CVE-2010-5190.json | 120 ++++---- 2010/5xxx/CVE-2010-5214.json | 130 ++++----- 2014/0xxx/CVE-2014-0085.json | 120 ++++---- 2014/0xxx/CVE-2014-0702.json | 34 +-- 2014/0xxx/CVE-2014-0762.json | 120 ++++---- 2014/0xxx/CVE-2014-0835.json | 180 ++++++------ 2014/0xxx/CVE-2014-0933.json | 140 ++++----- 2014/1xxx/CVE-2014-1846.json | 150 +++++----- 2014/1xxx/CVE-2014-1947.json | 34 +-- 2014/1xxx/CVE-2014-1973.json | 140 ++++----- 2014/5xxx/CVE-2014-5420.json | 120 ++++---- 2014/5xxx/CVE-2014-5664.json | 140 ++++----- 2015/2xxx/CVE-2015-2167.json | 130 ++++----- 2015/2xxx/CVE-2015-2762.json | 130 ++++----- 2015/2xxx/CVE-2015-2926.json | 140 ++++----- 2015/2xxx/CVE-2015-2941.json | 170 +++++------ 2016/10xxx/CVE-2016-10352.json | 34 +-- 2016/10xxx/CVE-2016-10480.json | 132 ++++----- 2016/10xxx/CVE-2016-10600.json | 122 ++++---- 2016/4xxx/CVE-2016-4645.json | 150 +++++----- 2016/4xxx/CVE-2016-4692.json | 180 ++++++------ 2016/4xxx/CVE-2016-4758.json | 200 ++++++------- 2016/8xxx/CVE-2016-8084.json | 34 +-- 2016/8xxx/CVE-2016-8090.json | 34 +-- 2016/8xxx/CVE-2016-8123.json | 34 +-- 2016/8xxx/CVE-2016-8148.json | 34 +-- 2016/9xxx/CVE-2016-9295.json | 34 +-- 2016/9xxx/CVE-2016-9911.json | 170 +++++------ 2019/2xxx/CVE-2019-2299.json | 34 +-- 2019/2xxx/CVE-2019-2426.json | 160 +++++----- 2019/2xxx/CVE-2019-2550.json | 132 ++++----- 2019/2xxx/CVE-2019-2752.json | 34 +-- 2019/2xxx/CVE-2019-2999.json | 34 +-- 2019/3xxx/CVE-2019-3832.json | 34 +-- 2019/3xxx/CVE-2019-3838.json | 34 +-- 2019/6xxx/CVE-2019-6038.json | 34 +-- 2019/6xxx/CVE-2019-6213.json | 238 +++++++-------- 2019/6xxx/CVE-2019-6359.json | 34 +-- 2019/6xxx/CVE-2019-6406.json | 34 +-- 2019/7xxx/CVE-2019-7006.json | 182 ++++++------ 2019/7xxx/CVE-2019-7553.json | 34 +-- 2019/7xxx/CVE-2019-7675.json | 120 ++++---- 2019/7xxx/CVE-2019-7891.json | 34 +-- 2019/7xxx/CVE-2019-7923.json | 34 +-- 55 files changed, 3150 insertions(+), 3150 deletions(-) diff --git a/2007/2xxx/CVE-2007-2088.json b/2007/2xxx/CVE-2007-2088.json index 2b88537bcc3..06f93e89fbf 100644 --- a/2007/2xxx/CVE-2007-2088.json +++ b/2007/2xxx/CVE-2007-2088.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070414 Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465860/100/0/threaded" - }, - { - "name" : "35393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35393" - }, - { - "name" : "35394", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35394" - }, - { - "name" : "2586", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2586" - }, - { - "name" : "sitebar-index-integrator-file-include(33688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35393", + "refsource": "OSVDB", + "url": "http://osvdb.org/35393" + }, + { + "name": "sitebar-index-integrator-file-include(33688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33688" + }, + { + "name": "2586", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2586" + }, + { + "name": "20070414 Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465860/100/0/threaded" + }, + { + "name": "35394", + "refsource": "OSVDB", + "url": "http://osvdb.org/35394" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2615.json b/2007/2xxx/CVE-2007-2615.json index 4ca562e5b6e..f6a7a5df51c 100644 --- a/2007/2xxx/CVE-2007-2615.json +++ b/2007/2xxx/CVE-2007-2615.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3875", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3875" - }, - { - "name" : "23879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23879" - }, - { - "name" : "ADV-2007-1735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1735" - }, - { - "name" : "37796", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37796" - }, - { - "name" : "37797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37797" - }, - { - "name" : "37798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37798" - }, - { - "name" : "phplojafacil-pathlocal-file-include(34178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phplojafacil-pathlocal-file-include(34178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34178" + }, + { + "name": "3875", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3875" + }, + { + "name": "ADV-2007-1735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1735" + }, + { + "name": "37797", + "refsource": "OSVDB", + "url": "http://osvdb.org/37797" + }, + { + "name": "37796", + "refsource": "OSVDB", + "url": "http://osvdb.org/37796" + }, + { + "name": "37798", + "refsource": "OSVDB", + "url": "http://osvdb.org/37798" + }, + { + "name": "23879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23879" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2675.json b/2007/2xxx/CVE-2007-2675.json index 86097567137..3afc76ee7bc 100644 --- a/2007/2xxx/CVE-2007-2675.json +++ b/2007/2xxx/CVE-2007-2675.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3840", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3840" - }, - { - "name" : "http://www.securityfocus.com/bid/52543/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/52543/exploit" - }, - { - "name" : "23795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23795" - }, - { - "name" : "52543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52543" - }, - { - "name" : "ADV-2007-1655", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1655" - }, - { - "name" : "35597", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35597" - }, - { - "name" : "25144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25144" - }, - { - "name" : "preclassifiedlistings-search-sql-injection(34037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3840", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3840" + }, + { + "name": "preclassifiedlistings-search-sql-injection(34037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34037" + }, + { + "name": "ADV-2007-1655", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1655" + }, + { + "name": "23795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23795" + }, + { + "name": "http://www.securityfocus.com/bid/52543/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/52543/exploit" + }, + { + "name": "35597", + "refsource": "OSVDB", + "url": "http://osvdb.org/35597" + }, + { + "name": "25144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25144" + }, + { + "name": "52543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52543" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2945.json b/2007/2xxx/CVE-2007-2945.json index 820f1004b22..2b1b355f508 100644 --- a/2007/2xxx/CVE-2007-2945.json +++ b/2007/2xxx/CVE-2007-2945.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070526 RMForum Database Disclosure Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469716/100/0/threaded" - }, - { - "name" : "ADV-2007-1969", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1969" - }, - { - "name" : "36696", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36696" - }, - { - "name" : "25455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25455" - }, - { - "name" : "2754", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2754" - }, - { - "name" : "rmforum-database-information-disclosure(34561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070526 RMForum Database Disclosure Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469716/100/0/threaded" + }, + { + "name": "36696", + "refsource": "OSVDB", + "url": "http://osvdb.org/36696" + }, + { + "name": "rmforum-database-information-disclosure(34561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34561" + }, + { + "name": "ADV-2007-1969", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1969" + }, + { + "name": "2754", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2754" + }, + { + "name": "25455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25455" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3264.json b/2007/3xxx/CVE-2007-3264.json index 5ead3b3c8de..dfc920fa62a 100644 --- a/2007/3xxx/CVE-2007-3264.json +++ b/2007/3xxx/CVE-2007-3264.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "24505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24505" - }, - { - "name" : "41611", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41611" - }, - { - "name" : "ADV-2007-2234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2234" - }, - { - "name" : "25704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25704" - }, - { - "name" : "websphere-pdtools-unspecified(34904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "websphere-pdtools-unspecified(34904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34904" + }, + { + "name": "25704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25704" + }, + { + "name": "ADV-2007-2234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2234" + }, + { + "name": "24505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24505" + }, + { + "name": "41611", + "refsource": "OSVDB", + "url": "http://osvdb.org/41611" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3536.json b/2007/3xxx/CVE-2007-3536.json index 8313514529c..e040b7125cf 100644 --- a/2007/3xxx/CVE-2007-3536.json +++ b/2007/3xxx/CVE-2007-3536.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4123", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4123" - }, - { - "name" : "24703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24703" - }, - { - "name" : "ADV-2007-2387", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2387" - }, - { - "name" : "37672", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37672" - }, - { - "name" : "25891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25891" - }, - { - "name" : "amxnetlinx-hostpasswordlogfile-bo(35155)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "amxnetlinx-hostpasswordlogfile-bo(35155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35155" + }, + { + "name": "24703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24703" + }, + { + "name": "37672", + "refsource": "OSVDB", + "url": "http://osvdb.org/37672" + }, + { + "name": "4123", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4123" + }, + { + "name": "25891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25891" + }, + { + "name": "ADV-2007-2387", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2387" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3896.json b/2007/3xxx/CVE-2007-3896.json index 999db374d42..586908227cb 100644 --- a/2007/3xxx/CVE-2007-3896.json +++ b/2007/3xxx/CVE-2007-3896.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-3896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071011 M$ will fix URI?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482090/100/0/threaded" - }, - { - "name" : "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482292/100/0/threaded" - }, - { - "name" : "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482437/100/0/threaded" - }, - { - "name" : "20071004 Re: 0day: mIRC pwns Windows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481505/100/0/threaded" - }, - { - "name" : "20071004 Re[2]: 0day: mIRC pwns Windows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481493/100/100/threaded" - }, - { - "name" : "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481624/100/0/threaded" - }, - { - "name" : "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481664/100/0/threaded" - }, - { - "name" : "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481671/100/0/threaded" - }, - { - "name" : "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481680/100/0/threaded" - }, - { - "name" : "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481881/100/0/threaded" - }, - { - "name" : "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481846/100/0/threaded" - }, - { - "name" : "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481839/100/0/threaded" - }, - { - "name" : "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481887/100/0/threaded" - }, - { - "name" : "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481867/100/0/threaded" - }, - { - "name" : "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481871/100/0/threaded" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=577", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=577" - }, - { - "name" : "http://www.heise-security.co.uk/news/96982", - "refsource" : "MISC", - "url" : "http://www.heise-security.co.uk/news/96982" - }, - { - "name" : "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/", - "refsource" : "MISC", - "url" : "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" - }, - { - "name" : "20071003 0day: mIRC pwns Windows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119143780202107&w=2" - }, - { - "name" : "20071003 Re: 0day: mIRC pwns Windows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119144449915918&w=2" - }, - { - "name" : "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119159924712561&w=2" - }, - { - "name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119168062128026&w=2" - }, - { - "name" : "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119195904813505&w=2" - }, - { - "name" : "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=119194714125580&w=2" - }, - { - "name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119171444628628&w=2" - }, - { - "name" : "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119159477404263&w=2" - }, - { - "name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119168727402084&w=2" - }, - { - "name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119170531020020&w=2" - }, - { - "name" : "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119175323322021&w=2" - }, - { - "name" : "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119180333805950&w=2" - }, - { - "name" : "HPSBST02291", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/484186/100/0/threaded" - }, - { - "name" : "SSRT071498", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/484186/100/0/threaded" - }, - { - "name" : "MS07-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061" - }, - { - "name" : "943521", - "refsource" : "MSKB", - "url" : "http://www.microsoft.com/technet/security/advisory/943521.mspx" - }, - { - "name" : "TA07-317A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-317A.html" - }, - { - "name" : "VU#403150", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/403150" - }, - { - "name" : "25945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25945" - }, - { - "name" : "oval:org.mitre.oval:def:4581", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581" - }, - { - "name" : "1018822", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018822" - }, - { - "name" : "1018831", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018831" - }, - { - "name" : "26201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded" + }, + { + "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2" + }, + { + "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded" + }, + { + "name": "http://www.heise-security.co.uk/news/96982", + "refsource": "MISC", + "url": "http://www.heise-security.co.uk/news/96982" + }, + { + "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded" + }, + { + "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded" + }, + { + "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2" + }, + { + "name": "http://blogs.zdnet.com/security/?p=577", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=577" + }, + { + "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded" + }, + { + "name": "HPSBST02291", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded" + }, + { + "name": "26201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26201" + }, + { + "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2" + }, + { + "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2" + }, + { + "name": "SSRT071498", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:4581", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581" + }, + { + "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/", + "refsource": "MISC", + "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" + }, + { + "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2" + }, + { + "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded" + }, + { + "name": "1018831", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018831" + }, + { + "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2" + }, + { + "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2" + }, + { + "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded" + }, + { + "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded" + }, + { + "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded" + }, + { + "name": "TA07-317A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html" + }, + { + "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2" + }, + { + "name": "943521", + "refsource": "MSKB", + "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx" + }, + { + "name": "20071004 Re[2]: 0day: mIRC pwns Windows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded" + }, + { + "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded" + }, + { + "name": "MS07-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061" + }, + { + "name": "25945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25945" + }, + { + "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded" + }, + { + "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded" + }, + { + "name": "VU#403150", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/403150" + }, + { + "name": "20071011 M$ will fix URI?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded" + }, + { + "name": "20071003 0day: mIRC pwns Windows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2" + }, + { + "name": "20071004 Re: 0day: mIRC pwns Windows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded" + }, + { + "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2" + }, + { + "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2" + }, + { + "name": "20071003 Re: 0day: mIRC pwns Windows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2" + }, + { + "name": "1018822", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018822" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6679.json b/2007/6xxx/CVE-2007-6679.json index 14d31398fa2..2ff265c307c 100644 --- a/2007/6xxx/CVE-2007-6679.json +++ b/2007/6xxx/CVE-2007-6679.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to \"security concerns with monitor role users.\" NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876" - }, - { - "name" : "PK45768", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK45768&apar=only" - }, - { - "name" : "ADV-2007-3955", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3955" - }, - { - "name" : "ADV-2008-0241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0241" - }, - { - "name" : "1019174", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019174" - }, - { - "name" : "28588", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to \"security concerns with monitor role users.\" NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3955", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3955" + }, + { + "name": "1019174", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019174" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876" + }, + { + "name": "ADV-2008-0241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0241" + }, + { + "name": "28588", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28588" + }, + { + "name": "PK45768", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK45768&apar=only" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6735.json b/2007/6xxx/CVE-2007-6735.json index 9d514be391a..018cc2852f2 100644 --- a/2007/6xxx/CVE-2007-6735.json +++ b/2007/6xxx/CVE-2007-6735.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=260459", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=260459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=260459", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=260459" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1435.json b/2010/1xxx/CVE-2010-1435.json index 9100dca16a7..423ce236e39 100644 --- a/2010/1xxx/CVE-2010-1435.json +++ b/2010/1xxx/CVE-2010-1435.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1435", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1435", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1779.json b/2010/1xxx/CVE-2010-1779.json index a3e011f1369..113b4458c10 100644 --- a/2010/1xxx/CVE-2010-1779.json +++ b/2010/1xxx/CVE-2010-1779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5190.json b/2010/5xxx/CVE-2010-5190.json index 644b9bafbbf..02d681b41dd 100644 --- a/2010/5xxx/CVE-2010-5190.json +++ b/2010/5xxx/CVE-2010-5190.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA48", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA48", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA48" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5214.json b/2010/5xxx/CVE-2010-5214.json index 27bea973499..9731f9446bb 100644 --- a/2010/5xxx/CVE-2010-5214.json +++ b/2010/5xxx/CVE-2010-5214.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dtp file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/" - }, - { - "name" : "41498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dtp file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/", + "refsource": "MISC", + "url": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/" + }, + { + "name": "41498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41498" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0085.json b/2014/0xxx/CVE-2014-0085.json index f7abc7602f0..50be5dcd8a9 100644 --- a/2014/0xxx/CVE-2014-0085.json +++ b/2014/0xxx/CVE-2014-0085.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-0085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0702.json b/2014/0xxx/CVE-2014-0702.json index fdf4c7e796b..8c9d503da71 100644 --- a/2014/0xxx/CVE-2014-0702.json +++ b/2014/0xxx/CVE-2014-0702.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0702", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-0702", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0762.json b/2014/0xxx/CVE-2014-0762.json index 738efc64114..8432183fcd9 100644 --- a/2014/0xxx/CVE-2014-0762.json +++ b/2014/0xxx/CVE-2014-0762.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-0762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0835.json b/2014/0xxx/CVE-2014-0835.json index 31b056c3db5..46df164c018 100644 --- a/2014/0xxx/CVE-2014-0835.json +++ b/2014/0xxx/CVE-2014-0835.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140124 ADV: IBM QRadar SIEM", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jan/166" - }, - { - "name" : "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html", - "refsource" : "MISC", - "url" : "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663066", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663066" - }, - { - "name" : "65127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65127" - }, - { - "name" : "102554", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102554" - }, - { - "name" : "56653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56653" - }, - { - "name" : "ibm-qradar-cve20140835-csrf(90678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65127" + }, + { + "name": "ibm-qradar-cve20140835-csrf(90678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90678" + }, + { + "name": "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html", + "refsource": "MISC", + "url": "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663066", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663066" + }, + { + "name": "102554", + "refsource": "OSVDB", + "url": "http://osvdb.org/102554" + }, + { + "name": "20140124 ADV: IBM QRadar SIEM", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jan/166" + }, + { + "name": "56653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56653" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0933.json b/2014/0xxx/CVE-2014-0933.json index 781f46e536a..6aeb0b53dbb 100644 --- a/2014/0xxx/CVE-2014-0933.json +++ b/2014/0xxx/CVE-2014-0933.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671141", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671141" - }, - { - "name" : "JR49605", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49605" - }, - { - "name" : "ibm-iismw-cve20140933-csrf(92273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-iismw-cve20140933-csrf(92273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92273" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671141", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671141" + }, + { + "name": "JR49605", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49605" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1846.json b/2014/1xxx/CVE-2014-1846.json index 48a419e74b2..f30da74a5f4 100644 --- a/2014/1xxx/CVE-2014-1846.json +++ b/2014/1xxx/CVE-2014-1846.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" - }, - { - "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", - "refsource" : "CONFIRM", - "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" - }, - { - "name" : "enlightenment-configuration-priv-esc(91215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", + "refsource": "CONFIRM", + "url": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" + }, + { + "name": "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/03/19" + }, + { + "name": "enlightenment-configuration-priv-esc(91215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1947.json b/2014/1xxx/CVE-2014-1947.json index 59bae2343f0..8a9da2c49b8 100644 --- a/2014/1xxx/CVE-2014-1947.json +++ b/2014/1xxx/CVE-2014-1947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1973.json b/2014/1xxx/CVE-2014-1973.json index 03187f00e5a..1b5018932e6 100644 --- a/2014/1xxx/CVE-2014-1973.json +++ b/2014/1xxx/CVE-2014-1973.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-1973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#84335912", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN84335912/index.html" - }, - { - "name" : "JVNDB-2014-000081", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000081" - }, - { - "name" : "68726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68726" + }, + { + "name": "JVN#84335912", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN84335912/index.html" + }, + { + "name": "JVNDB-2014-000081", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000081" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5420.json b/2014/5xxx/CVE-2014-5420.json index 0e2879b1c5c..69468e519d1 100644 --- a/2014/5xxx/CVE-2014-5420.json +++ b/2014/5xxx/CVE-2014-5420.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5664.json b/2014/5xxx/CVE-2014-5664.json index 22155d4080b..889ff0c5a41 100644 --- a/2014/5xxx/CVE-2014-5664.json +++ b/2014/5xxx/CVE-2014-5664.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#194329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/194329" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#194329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/194329" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2167.json b/2015/2xxx/CVE-2015-2167.json index 2d5c27ef0cc..255e1c70ea0 100644 --- a/2015/2xxx/CVE-2015-2167.json +++ b/2015/2xxx/CVE-2015-2167.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html" - }, - { - "name" : "73934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html" + }, + { + "name": "73934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73934" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2762.json b/2015/2xxx/CVE-2015-2762.json index d66a7815f56..f9d8aff25dc 100644 --- a/2015/2xxx/CVE-2015-2762.json +++ b/2015/2xxx/CVE-2015-2762.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" - }, - { - "name" : "73412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" + }, + { + "name": "73412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73412" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2926.json b/2015/2xxx/CVE-2015-2926.json index 85bb148a3e6..3cdd41a3b46 100644 --- a/2015/2xxx/CVE-2015-2926.json +++ b/2015/2xxx/CVE-2015-2926.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150408 [CVE-2015-2926] XSS vuln in phpTrafficA", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535212/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html" - }, - { - "name" : "74046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html" + }, + { + "name": "74046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74046" + }, + { + "name": "20150408 [CVE-2015-2926] XSS vuln in phpTrafficA", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535212/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2941.json b/2015/2xxx/CVE-2015-2941.json index 28071dba7c9..3ee10202030 100644 --- a/2015/2xxx/CVE-2015-2941.json +++ b/2015/2xxx/CVE-2015-2941.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" - }, - { - "name" : "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/01/1" - }, - { - "name" : "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/07/3" - }, - { - "name" : "https://phabricator.wikimedia.org/T85851", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T85851" - }, - { - "name" : "GLSA-201510-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-05" - }, - { - "name" : "73477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201510-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-05" + }, + { + "name": "https://phabricator.wikimedia.org/T85851", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T85851" + }, + { + "name": "73477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73477" + }, + { + "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3" + }, + { + "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1" + }, + { + "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10352.json b/2016/10xxx/CVE-2016-10352.json index 78b1ee36963..0ba966b7095 100644 --- a/2016/10xxx/CVE-2016-10352.json +++ b/2016/10xxx/CVE-2016-10352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10352", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-10352", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10480.json b/2016/10xxx/CVE-2016-10480.json index 909ac0a6e3e..b6510def108 100644 --- a/2016/10xxx/CVE-2016-10480.json +++ b/2016/10xxx/CVE-2016-10480.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, possible memory corruption due to invalid integer overflow checks in exif parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow to buffer overflow in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, possible memory corruption due to invalid integer overflow checks in exif parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow to buffer overflow in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10600.json b/2016/10xxx/CVE-2016-10600.json index 0cff26f64dd..ac1c21badf4 100644 --- a/2016/10xxx/CVE-2016-10600.json +++ b/2016/10xxx/CVE-2016-10600.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "webrtc-native node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "webrtc-native node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/176", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/176", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/176" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4645.json b/2016/4xxx/CVE-2016-4645.json index 16cf8863f86..a73d4fdd264 100644 --- a/2016/4xxx/CVE-2016-4645.json +++ b/2016/4xxx/CVE-2016-4645.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206903", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206903" - }, - { - "name" : "APPLE-SA-2016-07-18-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" - }, - { - "name" : "91824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91824" - }, - { - "name" : "1036348", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91824" + }, + { + "name": "APPLE-SA-2016-07-18-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" + }, + { + "name": "1036348", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036348" + }, + { + "name": "https://support.apple.com/HT206903", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206903" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4692.json b/2016/4xxx/CVE-2016-4692.json index 35ca83ff2e6..34b700afc3a 100644 --- a/2016/4xxx/CVE-2016-4692.json +++ b/2016/4xxx/CVE-2016-4692.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207421", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207421" - }, - { - "name" : "https://support.apple.com/HT207422", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207422" - }, - { - "name" : "https://support.apple.com/HT207424", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207424" - }, - { - "name" : "https://support.apple.com/HT207427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207427" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "94907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94907" - }, - { - "name" : "1037459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207427" + }, + { + "name": "94907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94907" + }, + { + "name": "https://support.apple.com/HT207421", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207421" + }, + { + "name": "1037459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037459" + }, + { + "name": "https://support.apple.com/HT207422", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207422" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207424", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207424" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4758.json b/2016/4xxx/CVE-2016-4758.json index 9a67372a79e..8bdfa343cf9 100644 --- a/2016/4xxx/CVE-2016-4758.json +++ b/2016/4xxx/CVE-2016-4758.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html", - "refsource" : "MISC", - "url" : "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html" - }, - { - "name" : "https://support.apple.com/HT207143", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207143" - }, - { - "name" : "https://support.apple.com/HT207157", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207157" - }, - { - "name" : "https://support.apple.com/HT207158", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207158" - }, - { - "name" : "APPLE-SA-2016-09-20-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" - }, - { - "name" : "APPLE-SA-2016-09-20-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" - }, - { - "name" : "APPLE-SA-2016-09-20-7", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" - }, - { - "name" : "93066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93066" - }, - { - "name" : "1036854", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html", + "refsource": "MISC", + "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html" + }, + { + "name": "APPLE-SA-2016-09-20-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT207157", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207157" + }, + { + "name": "https://support.apple.com/HT207158", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207158" + }, + { + "name": "93066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93066" + }, + { + "name": "1036854", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036854" + }, + { + "name": "https://support.apple.com/HT207143", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207143" + }, + { + "name": "APPLE-SA-2016-09-20-7", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" + }, + { + "name": "APPLE-SA-2016-09-20-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8084.json b/2016/8xxx/CVE-2016-8084.json index 750da155363..e32163a6321 100644 --- a/2016/8xxx/CVE-2016-8084.json +++ b/2016/8xxx/CVE-2016-8084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8084", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8084", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8090.json b/2016/8xxx/CVE-2016-8090.json index bf5f3ff90ed..b9df1636daa 100644 --- a/2016/8xxx/CVE-2016-8090.json +++ b/2016/8xxx/CVE-2016-8090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8090", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-8090", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8123.json b/2016/8xxx/CVE-2016-8123.json index d697a24d1b3..bd8f59b8af9 100644 --- a/2016/8xxx/CVE-2016-8123.json +++ b/2016/8xxx/CVE-2016-8123.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8148.json b/2016/8xxx/CVE-2016-8148.json index 7d9277982f9..b9e735f7d2d 100644 --- a/2016/8xxx/CVE-2016-8148.json +++ b/2016/8xxx/CVE-2016-8148.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8148", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8148", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9295.json b/2016/9xxx/CVE-2016-9295.json index ca904a0644b..242055aa399 100644 --- a/2016/9xxx/CVE-2016-9295.json +++ b/2016/9xxx/CVE-2016-9295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9911.json b/2016/9xxx/CVE-2016-9911.json index 7b773f29a59..a9e6ff8f13c 100644 --- a/2016/9xxx/CVE-2016-9911.json +++ b/2016/9xxx/CVE-2016-9911.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/12/08/5" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "GLSA-201701-49", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-49" - }, - { - "name" : "RHSA-2017:2392", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2392" - }, - { - "name" : "RHSA-2017:2408", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2408" - }, - { - "name" : "94762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "94762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94762" + }, + { + "name": "RHSA-2017:2392", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2392" + }, + { + "name": "GLSA-201701-49", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-49" + }, + { + "name": "RHSA-2017:2408", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2408" + }, + { + "name": "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/5" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2299.json b/2019/2xxx/CVE-2019-2299.json index 54a676fd8dd..5c75aca9427 100644 --- a/2019/2xxx/CVE-2019-2299.json +++ b/2019/2xxx/CVE-2019-2299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2426.json b/2019/2xxx/CVE-2019-2426.json index 9bb1ffd062e..fdd4fae30e0 100644 --- a/2019/2xxx/CVE-2019-2426.json +++ b/2019/2xxx/CVE-2019-2426.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 7u201, 8u192, 11.0.1" - }, - { - "version_affected" : "=", - "version_value" : "Java SE Embedded: 8u191" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 7u201, 8u192, 11.0.1" + }, + { + "version_affected": "=", + "version_value": "Java SE Embedded: 8u191" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0001/" - }, - { - "name" : "GLSA-201903-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-14" - }, - { - "name" : "106590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0001/" + }, + { + "name": "GLSA-201903-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-14" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106590" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2550.json b/2019/2xxx/CVE-2019-2550.json index 0d818df8ad8..e17816aacb5 100644 --- a/2019/2xxx/CVE-2019-2550.json +++ b/2019/2xxx/CVE-2019-2550.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Direct Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Direct Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106613" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2752.json b/2019/2xxx/CVE-2019-2752.json index c6e732091dd..5287e377c49 100644 --- a/2019/2xxx/CVE-2019-2752.json +++ b/2019/2xxx/CVE-2019-2752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2999.json b/2019/2xxx/CVE-2019-2999.json index b7a194b509b..2536533d7b2 100644 --- a/2019/2xxx/CVE-2019-2999.json +++ b/2019/2xxx/CVE-2019-2999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3832.json b/2019/3xxx/CVE-2019-3832.json index 22730cf5273..461721132c4 100644 --- a/2019/3xxx/CVE-2019-3832.json +++ b/2019/3xxx/CVE-2019-3832.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3832", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3832", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3838.json b/2019/3xxx/CVE-2019-3838.json index a7b07f7fc14..2daef16fb21 100644 --- a/2019/3xxx/CVE-2019-3838.json +++ b/2019/3xxx/CVE-2019-3838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6038.json b/2019/6xxx/CVE-2019-6038.json index 1708139da08..8f45f04727c 100644 --- a/2019/6xxx/CVE-2019-6038.json +++ b/2019/6xxx/CVE-2019-6038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6213.json b/2019/6xxx/CVE-2019-6213.json index f3dcd9f1cfb..d7f8e449a72 100644 --- a/2019/6xxx/CVE-2019-6213.json +++ b/2019/6xxx/CVE-2019-6213.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2019-6213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "iOS 12.1.3" - } - ] - } - }, - { - "product_name" : "macOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "macOS Mojave 10.14.3" - } - ] - } - }, - { - "product_name" : "tvOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "tvOS 12.1.2" - } - ] - } - }, - { - "product_name" : "watchOS", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "watchOS 5.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apple" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "An application may be able to execute arbitrary code with kernel privileges" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2019-6213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 12.1.3" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Mojave 10.14.3" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 12.1.2" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 5.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Apple" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46300", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46300/" - }, - { - "name" : "https://support.apple.com/HT209443", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209443" - }, - { - "name" : "https://support.apple.com/HT209446", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209446" - }, - { - "name" : "https://support.apple.com/HT209447", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209447" - }, - { - "name" : "https://support.apple.com/HT209448", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT209448" - }, - { - "name" : "106739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT209446", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209446" + }, + { + "name": "https://support.apple.com/HT209443", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209443" + }, + { + "name": "https://support.apple.com/HT209448", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209448" + }, + { + "name": "106739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106739" + }, + { + "name": "46300", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46300/" + }, + { + "name": "https://support.apple.com/HT209447", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT209447" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6359.json b/2019/6xxx/CVE-2019-6359.json index 4805754896b..b4c8d04e2bc 100644 --- a/2019/6xxx/CVE-2019-6359.json +++ b/2019/6xxx/CVE-2019-6359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6359", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6359", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6406.json b/2019/6xxx/CVE-2019-6406.json index ac4116681ba..0668e7df439 100644 --- a/2019/6xxx/CVE-2019-6406.json +++ b/2019/6xxx/CVE-2019-6406.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6406", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6406", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7006.json b/2019/7xxx/CVE-2019-7006.json index 7e3482d2e01..82f4ead0d29 100644 --- a/2019/7xxx/CVE-2019-7006.json +++ b/2019/7xxx/CVE-2019-7006.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "securityalerts@avaya.com", - "DATE_PUBLIC" : "2019-02-26T07:00:00.000Z", - "ID" : "CVE-2019-7006", - "STATE" : "PUBLIC", - "TITLE" : "Avaya one-X Communicator Weak Encryption" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "LOW", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "DATE_PUBLIC": "2019-02-26T07:00:00.000Z", + "ID": "CVE-2019-7006", + "STATE": "PUBLIC", + "TITLE": "Avaya one-X Communicator Weak Encryption" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downloads.avaya.com/css/P8/documents/101055601", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/101055601" - }, - { - "name" : "https://downloads.avaya.com/css/P8/documents/101055661", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/101055661" - }, - { - "name" : "107175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107175" - } - ] - }, - "source" : { - "advisory" : "ASA-2019-046" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107175" + }, + { + "name": "https://downloads.avaya.com/css/P8/documents/101055661", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101055661" + }, + { + "name": "https://downloads.avaya.com/css/P8/documents/101055601", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101055601" + } + ] + }, + "source": { + "advisory": "ASA-2019-046" + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7553.json b/2019/7xxx/CVE-2019-7553.json index 6a62fbaaba4..457c489d1d2 100644 --- a/2019/7xxx/CVE-2019-7553.json +++ b/2019/7xxx/CVE-2019-7553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7553", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7553", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7675.json b/2019/7xxx/CVE-2019-7675.json index 795c322423a..024e9396427 100644 --- a/2019/7xxx/CVE-2019-7675.json +++ b/2019/7xxx/CVE-2019-7675.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb", - "refsource" : "MISC", - "url" : "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb", + "refsource": "MISC", + "url": "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7891.json b/2019/7xxx/CVE-2019-7891.json index 2a009e6984d..80fe0648767 100644 --- a/2019/7xxx/CVE-2019-7891.json +++ b/2019/7xxx/CVE-2019-7891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7923.json b/2019/7xxx/CVE-2019-7923.json index 971e707541a..075bd037b15 100644 --- a/2019/7xxx/CVE-2019-7923.json +++ b/2019/7xxx/CVE-2019-7923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file