From 50ebdf2fab82fb1308edc5d288e6d335422b1616 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:54:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0737.json | 120 +++++++-------- 1999/0xxx/CVE-1999-0975.json | 120 +++++++-------- 2007/0xxx/CVE-2007-0400.json | 140 +++++++++--------- 2007/0xxx/CVE-2007-0925.json | 160 ++++++++++---------- 2007/1xxx/CVE-2007-1257.json | 200 ++++++++++++------------- 2007/1xxx/CVE-2007-1606.json | 190 ++++++++++++------------ 2007/1xxx/CVE-2007-1695.json | 130 ++++++++-------- 2007/1xxx/CVE-2007-1706.json | 160 ++++++++++---------- 2007/1xxx/CVE-2007-1825.json | 150 +++++++++---------- 2007/5xxx/CVE-2007-5030.json | 180 +++++++++++----------- 2007/5xxx/CVE-2007-5220.json | 160 ++++++++++---------- 2007/5xxx/CVE-2007-5647.json | 150 +++++++++---------- 2007/5xxx/CVE-2007-5818.json | 160 ++++++++++---------- 2007/5xxx/CVE-2007-5839.json | 210 +++++++++++++------------- 2007/5xxx/CVE-2007-5920.json | 160 ++++++++++---------- 2015/3xxx/CVE-2015-3008.json | 210 +++++++++++++------------- 2015/3xxx/CVE-2015-3038.json | 200 ++++++++++++------------- 2015/3xxx/CVE-2015-3603.json | 34 ++--- 2015/3xxx/CVE-2015-3692.json | 170 ++++++++++----------- 2015/3xxx/CVE-2015-3944.json | 34 ++--- 2015/4xxx/CVE-2015-4436.json | 34 ++--- 2015/4xxx/CVE-2015-4666.json | 150 +++++++++---------- 2015/7xxx/CVE-2015-7118.json | 34 ++--- 2015/7xxx/CVE-2015-7382.json | 120 +++++++-------- 2015/7xxx/CVE-2015-7717.json | 120 +++++++-------- 2015/8xxx/CVE-2015-8388.json | 210 +++++++++++++------------- 2015/8xxx/CVE-2015-8552.json | 230 ++++++++++++++--------------- 2015/8xxx/CVE-2015-8646.json | 230 ++++++++++++++--------------- 2015/8xxx/CVE-2015-8764.json | 130 ++++++++-------- 2015/8xxx/CVE-2015-8981.json | 150 +++++++++---------- 2015/9xxx/CVE-2015-9006.json | 130 ++++++++-------- 2015/9xxx/CVE-2015-9075.json | 34 ++--- 2016/0xxx/CVE-2016-0510.json | 130 ++++++++-------- 2016/1xxx/CVE-2016-1352.json | 130 ++++++++-------- 2016/1xxx/CVE-2016-1505.json | 180 +++++++++++----------- 2016/1xxx/CVE-2016-1570.json | 140 +++++++++--------- 2016/1xxx/CVE-2016-1816.json | 150 +++++++++---------- 2016/5xxx/CVE-2016-5614.json | 152 +++++++++---------- 2016/5xxx/CVE-2016-5787.json | 140 +++++++++--------- 2016/5xxx/CVE-2016-5890.json | 140 +++++++++--------- 2016/5xxx/CVE-2016-5909.json | 34 ++--- 2016/5xxx/CVE-2016-5955.json | 130 ++++++++-------- 2018/2xxx/CVE-2018-2014.json | 34 ++--- 2018/2xxx/CVE-2018-2530.json | 34 ++--- 2018/2xxx/CVE-2018-2585.json | 160 ++++++++++---------- 2018/2xxx/CVE-2018-2749.json | 214 +++++++++++++-------------- 2019/0xxx/CVE-2019-0086.json | 34 ++--- 2019/0xxx/CVE-2019-0512.json | 34 ++--- 2019/0xxx/CVE-2019-0758.json | 34 ++--- 2019/0xxx/CVE-2019-0887.json | 34 ++--- 2019/1000xxx/CVE-2019-1000012.json | 136 ++++++++--------- 2019/1xxx/CVE-2019-1151.json | 34 ++--- 2019/1xxx/CVE-2019-1152.json | 34 ++--- 2019/1xxx/CVE-2019-1198.json | 34 ++--- 2019/1xxx/CVE-2019-1363.json | 34 ++--- 2019/1xxx/CVE-2019-1567.json | 34 ++--- 2019/4xxx/CVE-2019-4230.json | 34 ++--- 2019/4xxx/CVE-2019-4739.json | 34 ++--- 2019/4xxx/CVE-2019-4869.json | 34 ++--- 2019/4xxx/CVE-2019-4926.json | 34 ++--- 2019/5xxx/CVE-2019-5013.json | 34 ++--- 2019/5xxx/CVE-2019-5447.json | 34 ++--- 2019/5xxx/CVE-2019-5633.json | 34 ++--- 2019/5xxx/CVE-2019-5986.json | 34 ++--- 2019/9xxx/CVE-2019-9142.json | 120 +++++++-------- 2019/9xxx/CVE-2019-9426.json | 34 ++--- 2019/9xxx/CVE-2019-9603.json | 120 +++++++-------- 67 files changed, 3683 insertions(+), 3683 deletions(-) diff --git a/1999/0xxx/CVE-1999-0737.json b/1999/0xxx/CVE-1999-0737.json index 9f24c7ceb30..9ed4eeff0ba 100644 --- a/1999/0xxx/CVE-1999-0737.json +++ b/1999/0xxx/CVE-1999-0737.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS99-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS99-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0975.json b/1999/0xxx/CVE-1999-0975.json index 8e426c2ed09..5e6be63076c 100644 --- a/1999/0xxx/CVE-1999-0975.json +++ b/1999/0xxx/CVE-1999-0975.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/868" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0400.json b/2007/0xxx/CVE-2007-0400.json index 9bc4300bb38..87f60fe3549 100644 --- a/2007/0xxx/CVE-2007-0400.json +++ b/2007/0xxx/CVE-2007-0400.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070120 Login Manager Multiple HTML Injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457505/100/0/threaded" - }, - { - "name" : "2167", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2167" - }, - { - "name" : "loginmanager-memberlist-xss(31614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "loginmanager-memberlist-xss(31614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31614" + }, + { + "name": "2167", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2167" + }, + { + "name": "20070120 Login Manager Multiple HTML Injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457505/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0925.json b/2007/0xxx/CVE-2007-0925.json index 67e6ba1a573..7953b1c1102 100644 --- a/2007/0xxx/CVE-2007-0925.json +++ b/2007/0xxx/CVE-2007-0925.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070209 XSS in communityserver !", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459848/100/0/threaded" - }, - { - "name" : "22529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22529" - }, - { - "name" : "33717", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33717" - }, - { - "name" : "2241", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2241" - }, - { - "name" : "communityserver-searchresults-xss(32444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "communityserver-searchresults-xss(32444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32444" + }, + { + "name": "2241", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2241" + }, + { + "name": "33717", + "refsource": "OSVDB", + "url": "http://osvdb.org/33717" + }, + { + "name": "20070209 XSS in communityserver !", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459848/100/0/threaded" + }, + { + "name": "22529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22529" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1257.json b/2007/1xxx/CVE-2007-1257.json index 506aef2a9a0..73ab3b880ec 100644 --- a/2007/1xxx/CVE-2007-1257.json +++ b/2007/1xxx/CVE-2007-1257.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml" - }, - { - "name" : "VU#472412", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/472412" - }, - { - "name" : "22751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22751" - }, - { - "name" : "oval:org.mitre.oval:def:5188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188" - }, - { - "name" : "ADV-2007-0783", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0783" - }, - { - "name" : "33066", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33066" - }, - { - "name" : "1017710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017710" - }, - { - "name" : "24344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24344" - }, - { - "name" : "cisco-catalyst-nam-unauthorized-access(32750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml" + }, + { + "name": "VU#472412", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/472412" + }, + { + "name": "ADV-2007-0783", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0783" + }, + { + "name": "24344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24344" + }, + { + "name": "22751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22751" + }, + { + "name": "33066", + "refsource": "OSVDB", + "url": "http://osvdb.org/33066" + }, + { + "name": "oval:org.mitre.oval:def:5188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188" + }, + { + "name": "cisco-catalyst-nam-unauthorized-access(32750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750" + }, + { + "name": "1017710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017710" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1606.json b/2007/1xxx/CVE-2007-1606.json index 17fba68d4e1..1384f19c09f 100644 --- a/2007/1xxx/CVE-2007-1606.json +++ b/2007/1xxx/CVE-2007-1606.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070320 w-agora [multiples file upload,xss,full path disclosure,error sql]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463286/100/0/threaded" - }, - { - "name" : "23057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23057" - }, - { - "name" : "34377", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34377" - }, - { - "name" : "34378", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34378" - }, - { - "name" : "34379", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34379" - }, - { - "name" : "24605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24605" - }, - { - "name" : "2462", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2462" - }, - { - "name" : "wagora-multiple-xss(33175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34379", + "refsource": "OSVDB", + "url": "http://osvdb.org/34379" + }, + { + "name": "20070320 w-agora [multiples file upload,xss,full path disclosure,error sql]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463286/100/0/threaded" + }, + { + "name": "wagora-multiple-xss(33175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33175" + }, + { + "name": "34378", + "refsource": "OSVDB", + "url": "http://osvdb.org/34378" + }, + { + "name": "2462", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2462" + }, + { + "name": "34377", + "refsource": "OSVDB", + "url": "http://osvdb.org/34377" + }, + { + "name": "24605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24605" + }, + { + "name": "23057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23057" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1695.json b/2007/1xxx/CVE-2007-1695.json index 3f112edf245..a2dcb3e0467 100644 --- a/2007/1xxx/CVE-2007-1695.json +++ b/2007/1xxx/CVE-2007-1695.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070324 BOGUS: Remote File Include In phpBB-2.0.19", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463817/100/0/threaded" - }, - { - "name" : "20070324 Remote File Include In phpBB-2.0.19", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463718/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070324 BOGUS: Remote File Include In phpBB-2.0.19", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463817/100/0/threaded" + }, + { + "name": "20070324 Remote File Include In phpBB-2.0.19", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463718/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1706.json b/2007/1xxx/CVE-2007-1706.json index d4f1b8b5097..bc163bed7c4 100644 --- a/2007/1xxx/CVE-2007-1706.json +++ b/2007/1xxx/CVE-2007-1706.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3558", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3558" - }, - { - "name" : "ADV-2007-1101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1101" - }, - { - "name" : "34439", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34439" - }, - { - "name" : "24653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24653" - }, - { - "name" : "ewebquiz-ewebquiz-sql-injection(33195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3558", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3558" + }, + { + "name": "24653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24653" + }, + { + "name": "ewebquiz-ewebquiz-sql-injection(33195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33195" + }, + { + "name": "34439", + "refsource": "OSVDB", + "url": "http://osvdb.org/34439" + }, + { + "name": "ADV-2007-1101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1101" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1825.json b/2007/1xxx/CVE-2007-1825.json index 22dc824e7b5..f619d1ae388 100644 --- a/2007/1xxx/CVE-2007-1825.json +++ b/2007/1xxx/CVE-2007-1825.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/MOPB/MOPB-40-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/MOPB-40-2007.html" - }, - { - "name" : "23234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23234" - }, - { - "name" : "oval:org.mitre.oval:def:10377", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10377" - }, - { - "name" : "php-imapmailcompose-bo(33534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10377", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10377" + }, + { + "name": "http://www.php-security.org/MOPB/MOPB-40-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/MOPB-40-2007.html" + }, + { + "name": "23234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23234" + }, + { + "name": "php-imapmailcompose-bo(33534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33534" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5030.json b/2007/5xxx/CVE-2007-5030.json index d610ae6430e..4a311c5e52c 100644 --- a/2007/5xxx/CVE-2007-5030.json +++ b/2007/5xxx/CVE-2007-5030.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070918 [MU-200709-02] Dibbler Remote Denial of Service Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065892.html" - }, - { - "name" : "http://klub.com.pl/dhcpv6/", - "refsource" : "MISC", - "url" : "http://klub.com.pl/dhcpv6/" - }, - { - "name" : "http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt", - "refsource" : "MISC", - "url" : "http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt" - }, - { - "name" : "25726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25726" - }, - { - "name" : "40568", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40568" - }, - { - "name" : "26876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26876" - }, - { - "name" : "dibbler-optionlength-dos(36684)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dibbler-optionlength-dos(36684)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36684" + }, + { + "name": "20070918 [MU-200709-02] Dibbler Remote Denial of Service Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065892.html" + }, + { + "name": "40568", + "refsource": "OSVDB", + "url": "http://osvdb.org/40568" + }, + { + "name": "26876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26876" + }, + { + "name": "http://klub.com.pl/dhcpv6/", + "refsource": "MISC", + "url": "http://klub.com.pl/dhcpv6/" + }, + { + "name": "http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt", + "refsource": "MISC", + "url": "http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt" + }, + { + "name": "25726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25726" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5220.json b/2007/5xxx/CVE-2007-5220.json index 9b03a47eab9..99dba0929a4 100644 --- a/2007/5xxx/CVE-2007-5220.json +++ b/2007/5xxx/CVE-2007-5220.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070930 ASP Product catalog SQL injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481211/100/0/threaded" - }, - { - "name" : "25884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25884" - }, - { - "name" : "ADV-2007-3345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3345" - }, - { - "name" : "38555", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38555" - }, - { - "name" : "3189", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38555", + "refsource": "OSVDB", + "url": "http://osvdb.org/38555" + }, + { + "name": "ADV-2007-3345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3345" + }, + { + "name": "25884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25884" + }, + { + "name": "20070930 ASP Product catalog SQL injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481211/100/0/threaded" + }, + { + "name": "3189", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3189" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5647.json b/2007/5xxx/CVE-2007-5647.json index 8cbd7dd11c4..74305cb1d27 100644 --- a/2007/5xxx/CVE-2007-5647.json +++ b/2007/5xxx/CVE-2007-5647.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0710-exploits/socketkb-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0710-exploits/socketkb-xss.txt" - }, - { - "name" : "26136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26136" - }, - { - "name" : "27286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27286" - }, - { - "name" : "socketkb-multiple-xss(37394)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27286" + }, + { + "name": "http://packetstormsecurity.org/0710-exploits/socketkb-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0710-exploits/socketkb-xss.txt" + }, + { + "name": "socketkb-multiple-xss(37394)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37394" + }, + { + "name": "26136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26136" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5818.json b/2007/5xxx/CVE-2007-5818.json index c2b05f6bea2..37ff8757412 100644 --- a/2007/5xxx/CVE-2007-5818.json +++ b/2007/5xxx/CVE-2007-5818.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071101 sBlog 0.7.3 Beta Cross Site Request Forgery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483108/100/0/threaded" - }, - { - "name" : "http://0x90.com.ar/Advisory/20071031.txt", - "refsource" : "MISC", - "url" : "http://0x90.com.ar/Advisory/20071031.txt" - }, - { - "name" : "27485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27485" - }, - { - "name" : "3341", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3341" - }, - { - "name" : "sblog-block-csrf(38216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3341", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3341" + }, + { + "name": "http://0x90.com.ar/Advisory/20071031.txt", + "refsource": "MISC", + "url": "http://0x90.com.ar/Advisory/20071031.txt" + }, + { + "name": "27485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27485" + }, + { + "name": "20071101 sBlog 0.7.3 Beta Cross Site Request Forgery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483108/100/0/threaded" + }, + { + "name": "sblog-block-csrf(38216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38216" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5839.json b/2007/5xxx/CVE-2007-5839.json index d2b4c19cb0f..3a077363f54 100644 --- a/2007/5xxx/CVE-2007-5839.json +++ b/2007/5xxx/CVE-2007-5839.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149" - }, - { - "name" : "GLSA-200807-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-12.xml" - }, - { - "name" : "SSA:2009-116-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737" - }, - { - "name" : "26326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26326" - }, - { - "name" : "34870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34870" - }, - { - "name" : "ADV-2007-3714", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3714" - }, - { - "name" : "42061", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42061" - }, - { - "name" : "27463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27463" - }, - { - "name" : "31180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31180" - }, - { - "name" : "bitchx-ehostname-symlink(38262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149" + }, + { + "name": "SSA:2009-116-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.285737" + }, + { + "name": "34870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34870" + }, + { + "name": "27463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27463" + }, + { + "name": "26326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26326" + }, + { + "name": "31180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31180" + }, + { + "name": "ADV-2007-3714", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3714" + }, + { + "name": "42061", + "refsource": "OSVDB", + "url": "http://osvdb.org/42061" + }, + { + "name": "GLSA-200807-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-12.xml" + }, + { + "name": "bitchx-ehostname-symlink(38262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38262" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5920.json b/2007/5xxx/CVE-2007-5920.json index 2734f9b7059..a569ab053ff 100644 --- a/2007/5xxx/CVE-2007-5920.json +++ b/2007/5xxx/CVE-2007-5920.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://picoflat.altervista.org/", - "refsource" : "MISC", - "url" : "http://picoflat.altervista.org/" - }, - { - "name" : "26362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26362" - }, - { - "name" : "42106", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42106" - }, - { - "name" : "27504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27504" - }, - { - "name" : "picoflat-picoinsert-security-bypass(38310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "picoflat-picoinsert-security-bypass(38310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38310" + }, + { + "name": "26362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26362" + }, + { + "name": "http://picoflat.altervista.org/", + "refsource": "MISC", + "url": "http://picoflat.altervista.org/" + }, + { + "name": "42106", + "refsource": "OSVDB", + "url": "http://osvdb.org/42106" + }, + { + "name": "27504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27504" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3008.json b/2015/3xxx/CVE-2015-3008.json index f95ae9e3743..e381c8943a6 100644 --- a/2015/3xxx/CVE-2015-3008.json +++ b/2015/3xxx/CVE-2015-3008.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535222/100/0/threaded" - }, - { - "name" : "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/22" - }, - { - "name" : "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2015-003.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2015-003.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0153.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0153.html" - }, - { - "name" : "DSA-3700", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3700" - }, - { - "name" : "FEDORA-2015-5948", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html" - }, - { - "name" : "MDVSA-2015:206", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206" - }, - { - "name" : "74022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74022" - }, - { - "name" : "1032052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html" + }, + { + "name": "74022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74022" + }, + { + "name": "MDVSA-2015:206", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0153.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0153.html" + }, + { + "name": "1032052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032052" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2015-003.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html" + }, + { + "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/22" + }, + { + "name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded" + }, + { + "name": "DSA-3700", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3700" + }, + { + "name": "FEDORA-2015-5948", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3038.json b/2015/3xxx/CVE-2015-3038.json index 5b423595fa9..9632860c05b 100644 --- a/2015/3xxx/CVE-2015-3038.json +++ b/2015/3xxx/CVE-2015-3038.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" - }, - { - "name" : "GLSA-201504-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-07" - }, - { - "name" : "RHSA-2015:0813", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html" - }, - { - "name" : "SUSE-SU-2015:0722", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:0723", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:0718", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "74062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74062" - }, - { - "name" : "1032105", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0718", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" + }, + { + "name": "SUSE-SU-2015:0722", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" + }, + { + "name": "74062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74062" + }, + { + "name": "GLSA-201504-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-07" + }, + { + "name": "1032105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032105" + }, + { + "name": "RHSA-2015:0813", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + }, + { + "name": "SUSE-SU-2015:0723", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3603.json b/2015/3xxx/CVE-2015-3603.json index 0c4a0900fd3..f368474d18e 100644 --- a/2015/3xxx/CVE-2015-3603.json +++ b/2015/3xxx/CVE-2015-3603.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3603", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3603", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3692.json b/2015/3xxx/CVE-2015-3692.json index ef175b1a7e7..45bebcebe52 100644 --- a/2015/3xxx/CVE-2015-3692.json +++ b/2015/3xxx/CVE-2015-3692.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT204934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204934" - }, - { - "name" : "http://support.apple.com/kb/HT204942", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204942" - }, - { - "name" : "APPLE-SA-2015-06-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-06-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html" - }, - { - "name" : "75495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75495" - }, - { - "name" : "1032444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-06-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html" + }, + { + "name": "APPLE-SA-2015-06-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT204942", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204942" + }, + { + "name": "75495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75495" + }, + { + "name": "1032444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032444" + }, + { + "name": "http://support.apple.com/kb/HT204934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204934" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3944.json b/2015/3xxx/CVE-2015-3944.json index f75c2c9ddef..2481d19d33f 100644 --- a/2015/3xxx/CVE-2015-3944.json +++ b/2015/3xxx/CVE-2015-3944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3944", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3944", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4436.json b/2015/4xxx/CVE-2015-4436.json index d1f7b0cf844..95fd7521bb3 100644 --- a/2015/4xxx/CVE-2015-4436.json +++ b/2015/4xxx/CVE-2015-4436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4436", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4436", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4666.json b/2015/4xxx/CVE-2015-4666.json index cc65821b858..a54ff4674d0 100644 --- a/2015/4xxx/CVE-2015-4666.json +++ b/2015/4xxx/CVE-2015-4666.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37708", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37708/" - }, - { - "name" : "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html" - }, - { - "name" : "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt", - "refsource" : "MISC", - "url" : "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt" - }, - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" + }, + { + "name": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html" + }, + { + "name": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt", + "refsource": "MISC", + "url": "http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt" + }, + { + "name": "37708", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37708/" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7118.json b/2015/7xxx/CVE-2015-7118.json index 56dfaa387ef..e026e2d54f5 100644 --- a/2015/7xxx/CVE-2015-7118.json +++ b/2015/7xxx/CVE-2015-7118.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7118", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7118", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7382.json b/2015/7xxx/CVE-2015-7382.json index df39182d5aa..871d2e199bc 100644 --- a/2015/7xxx/CVE-2015-7382.json +++ b/2015/7xxx/CVE-2015-7382.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#374092", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/374092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#374092", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/374092" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7717.json b/2015/7xxx/CVE-2015-7717.json index 1bef9dc26df..bdbe69cef6b 100644 --- a/2015/7xxx/CVE-2015-7717.json +++ b/2015/7xxx/CVE-2015-7717.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8388.json b/2015/8xxx/CVE-2015-8388.json index c03581053dd..bc82ac792ff 100644 --- a/2015/8xxx/CVE-2015-8388.json +++ b/2015/8xxx/CVE-2015-8388.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151128 Re: Heap Overflow in PCRE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/29/1" - }, - { - "name" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "refsource" : "CONFIRM", - "url" : "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa128", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa128" - }, - { - "name" : "GLSA-201607-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-02" - }, - { - "name" : "RHSA-2016:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1025.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "85576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151128 Re: Heap Overflow in PCRE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/29/1" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" + }, + { + "name": "RHSA-2016:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "85576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85576" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa128", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa128" + }, + { + "name": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", + "refsource": "CONFIRM", + "url": "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup" + }, + { + "name": "GLSA-201607-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8552.json b/2015/8xxx/CVE-2015-8552.json index e0b76499e82..a24729ad40b 100644 --- a/2015/8xxx/CVE-2015-8552.json +++ b/2015/8xxx/CVE-2015-8552.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-157.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-157.html" - }, - { - "name" : "DSA-3434", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3434" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "SUSE-SU-2016:1707", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" - }, - { - "name" : "SUSE-SU-2016:1764", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" - }, - { - "name" : "SUSE-SU-2016:1937", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2016:2105", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:2184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "79546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79546" - }, - { - "name" : "1034480", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/advisory-157.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-157.html" + }, + { + "name": "1034480", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034480" + }, + { + "name": "openSUSE-SU-2016:2184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" + }, + { + "name": "SUSE-SU-2016:1764", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "SUSE-SU-2016:1707", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "SUSE-SU-2016:2105", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" + }, + { + "name": "DSA-3434", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3434" + }, + { + "name": "79546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79546" + }, + { + "name": "SUSE-SU-2016:1937", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8646.json b/2015/8xxx/CVE-2015-8646.json index fa3f634fa07..66475e6b888 100644 --- a/2015/8xxx/CVE-2015-8646.json +++ b/2015/8xxx/CVE-2015-8646.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "RHSA-2015:2697", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2697.html" - }, - { - "name" : "SUSE-SU-2015:2401", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html" - }, - { - "name" : "SUSE-SU-2015:2402", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html" - }, - { - "name" : "openSUSE-SU-2015:2400", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html" - }, - { - "name" : "openSUSE-SU-2015:2403", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html" - }, - { - "name" : "79701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79701" - }, - { - "name" : "1034544", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2403", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html" + }, + { + "name": "1034544", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034544" + }, + { + "name": "RHSA-2015:2697", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2697.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html" + }, + { + "name": "SUSE-SU-2015:2401", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "SUSE-SU-2015:2402", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html" + }, + { + "name": "79701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79701" + }, + { + "name": "openSUSE-SU-2015:2400", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8764.json b/2015/8xxx/CVE-2015-8764.json index 9fade960527..e73d266ee51 100644 --- a/2015/8xxx/CVE-2015-8764.json +++ b/2015/8xxx/CVE-2015-8764.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/08/7" - }, - { - "name" : "http://freeradius.org/security.html#eap-pwd-2015", - "refsource" : "CONFIRM", - "url" : "http://freeradius.org/security.html#eap-pwd-2015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://freeradius.org/security.html#eap-pwd-2015", + "refsource": "CONFIRM", + "url": "http://freeradius.org/security.html#eap-pwd-2015" + }, + { + "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8981.json b/2015/8xxx/CVE-2015-8981.json index 8ccab2e733e..972d5c273eb 100644 --- a/2015/8xxx/CVE-2015-8981.json +++ b/2015/8xxx/CVE-2015-8981.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Re: podofo: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/20" - }, - { - "name" : "[oss-security] 20170202 Re: podofo: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/15" - }, - { - "name" : "https://sourceforge.net/p/podofo/code/1672", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/podofo/code/1672" - }, - { - "name" : "https://sourceforge.net/p/podofo/mailman/message/34205419/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/podofo/mailman/message/34205419/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/podofo/mailman/message/34205419/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/podofo/mailman/message/34205419/" + }, + { + "name": "[oss-security] 20170201 Re: podofo: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/20" + }, + { + "name": "[oss-security] 20170202 Re: podofo: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/15" + }, + { + "name": "https://sourceforge.net/p/podofo/code/1672", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/podofo/code/1672" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9006.json b/2015/9xxx/CVE-2015-9006.json index a6137e303bf..85c0d1ddf3b 100644 --- a/2015/9xxx/CVE-2015-9006.json +++ b/2015/9xxx/CVE-2015-9006.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2015-9006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control Vulnerability in Resource Power Manager" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-9006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control Vulnerability in Resource Power Manager" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98321" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9075.json b/2015/9xxx/CVE-2015-9075.json index 188873d4665..3f995b6f872 100644 --- a/2015/9xxx/CVE-2015-9075.json +++ b/2015/9xxx/CVE-2015-9075.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9075", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9075", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0510.json b/2016/0xxx/CVE-2016-0510.json index 3c3a616a25d..405d3abe043 100644 --- a/2016/0xxx/CVE-2016-0510.json +++ b/2016/0xxx/CVE-2016-0510.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034726" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1352.json b/2016/1xxx/CVE-2016-1352.json index d2ee9f93102..003bd65809b 100644 --- a/2016/1xxx/CVE-2016-1352.json +++ b/2016/1xxx/CVE-2016-1352.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160413 Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs" - }, - { - "name" : "1035565", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035565", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035565" + }, + { + "name": "20160413 Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1505.json b/2016/1xxx/CVE-2016-1505.json index 539118ef555..274e52a629c 100644 --- a/2016/1xxx/CVE-2016-1505.json +++ b/2016/1xxx/CVE-2016-1505.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160105 CVE request for radicale", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/05/7" - }, - { - "name" : "[oss-security] 20160106 Re: CVE request for radicale", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/06/4" - }, - { - "name" : "[oss-security] 20160106 Re: CVE request for radicale", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/06/7" - }, - { - "name" : "[oss-security] 20160107 Re: CVE request for radicale", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/07/7" - }, - { - "name" : "https://github.com/Kozea/Radicale/pull/343", - "refsource" : "CONFIRM", - "url" : "https://github.com/Kozea/Radicale/pull/343" - }, - { - "name" : "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6", - "refsource" : "CONFIRM", - "url" : "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6" - }, - { - "name" : "80255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/80255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160106 Re: CVE request for radicale", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/06/7" + }, + { + "name": "80255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/80255" + }, + { + "name": "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6", + "refsource": "CONFIRM", + "url": "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6" + }, + { + "name": "[oss-security] 20160105 CVE request for radicale", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/05/7" + }, + { + "name": "https://github.com/Kozea/Radicale/pull/343", + "refsource": "CONFIRM", + "url": "https://github.com/Kozea/Radicale/pull/343" + }, + { + "name": "[oss-security] 20160106 Re: CVE request for radicale", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/06/4" + }, + { + "name": "[oss-security] 20160107 Re: CVE request for radicale", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/07/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1570.json b/2016/1xxx/CVE-2016-1570.json index 20039fad39b..8500fd1e6b9 100644 --- a/2016/1xxx/CVE-2016-1570.json +++ b/2016/1xxx/CVE-2016-1570.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-167.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-167.html" - }, - { - "name" : "DSA-3519", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3519" - }, - { - "name" : "1034744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3519", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3519" + }, + { + "name": "1034744", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034744" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-167.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-167.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1816.json b/2016/1xxx/CVE-2016-1816.json index b5cca847307..7b89c1a731c 100644 --- a/2016/1xxx/CVE-2016-1816.json +++ b/2016/1xxx/CVE-2016-1816.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "90696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90696" - }, - { - "name" : "1035895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "90696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90696" + }, + { + "name": "1035895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035895" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5614.json b/2016/5xxx/CVE-2016-5614.json index f1ce4b398d2..5bc7f30263e 100644 --- a/2016/5xxx/CVE-2016-5614.json +++ b/2016/5xxx/CVE-2016-5614.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2016-5614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Private Banking", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.1" - }, - { - "version_value" : "2.2.0" - }, - { - "version_value" : "12.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Private Banking", + "version": { + "version_data": [ + { + "version_value": "2.0.1" + }, + { + "version_value": "2.2.0" + }, + { + "version_value": "12.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95474" - }, - { - "name" : "1037636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95474" + }, + { + "name": "1037636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037636" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5787.json b/2016/5xxx/CVE-2016-5787.json index 0e43cf94ebf..83ed95a1feb 100644 --- a/2016/5xxx/CVE-2016-5787.json +++ b/2016/5xxx/CVE-2016-5787.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-5787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02" - }, - { - "name" : "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01", - "refsource" : "CONFIRM", - "url" : "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01" - }, - { - "name" : "91727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02" + }, + { + "name": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01", + "refsource": "CONFIRM", + "url": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01" + }, + { + "name": "91727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91727" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5890.json b/2016/5xxx/CVE-2016-5890.json index 413469e48e7..ea63bcd10b5 100644 --- a/2016/5xxx/CVE-2016-5890.json +++ b/2016/5xxx/CVE-2016-5890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989577", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989577" - }, - { - "name" : "IT16043", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043" - }, - { - "name" : "94391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT16043", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043" + }, + { + "name": "94391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94391" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989577", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989577" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5909.json b/2016/5xxx/CVE-2016-5909.json index 043fa1377c4..4002f2e66ec 100644 --- a/2016/5xxx/CVE-2016-5909.json +++ b/2016/5xxx/CVE-2016-5909.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5909", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5909", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5955.json b/2016/5xxx/CVE-2016-5955.json index f7771b157b8..724191821a5 100644 --- a/2016/5xxx/CVE-2016-5955.json +++ b/2016/5xxx/CVE-2016-5955.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990054", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990054" - }, - { - "name" : "93154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93154" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990054", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990054" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2014.json b/2018/2xxx/CVE-2018-2014.json index 36249239bdd..4a1818d1d00 100644 --- a/2018/2xxx/CVE-2018-2014.json +++ b/2018/2xxx/CVE-2018-2014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2530.json b/2018/2xxx/CVE-2018-2530.json index f5cd16dab2c..36dc8b69074 100644 --- a/2018/2xxx/CVE-2018-2530.json +++ b/2018/2xxx/CVE-2018-2530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2585.json b/2018/2xxx/CVE-2018-2585.json index 3fa8bba20ec..0722fea0219 100644 --- a/2018/2xxx/CVE-2018-2585.json +++ b/2018/2xxx/CVE-2018-2585.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Connectors", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.9.9 and prior" - }, - { - "version_affected" : "=", - "version_value" : "6.10.4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Connectors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.9.9 and prior" + }, + { + "version_affected": "=", + "version_value": "6.10.4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/" - }, - { - "name" : "102674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102674" - }, - { - "name" : "1040216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102674" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0002/" + }, + { + "name": "1040216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040216" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2749.json b/2018/2xxx/CVE-2018-2749.json index 892bde49f0d..22b20a62923 100644 --- a/2018/2xxx/CVE-2018-2749.json +++ b/2018/2xxx/CVE-2018-2749.json @@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Universal Banking", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3.0" - }, - { - "version_affected" : "=", - "version_value" : "11.4.0" - }, - { - "version_affected" : "=", - "version_value" : "12.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - }, - { - "version_affected" : "=", - "version_value" : "12.4.0" - }, - { - "version_affected" : "=", - "version_value" : "14.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3.0" + }, + { + "version_affected": "=", + "version_value": "11.4.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + }, + { + "version_affected": "=", + "version_value": "12.4.0" + }, + { + "version_affected": "=", + "version_value": "14.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103864" - }, - { - "name" : "1040693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103864" + }, + { + "name": "1040693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040693" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0086.json b/2019/0xxx/CVE-2019-0086.json index 234db67aa7d..d8b4b5a9bc7 100644 --- a/2019/0xxx/CVE-2019-0086.json +++ b/2019/0xxx/CVE-2019-0086.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0086", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0086", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0512.json b/2019/0xxx/CVE-2019-0512.json index e7419f84b83..fa0704e707b 100644 --- a/2019/0xxx/CVE-2019-0512.json +++ b/2019/0xxx/CVE-2019-0512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0758.json b/2019/0xxx/CVE-2019-0758.json index 3fe6a96a43b..cb2c517075e 100644 --- a/2019/0xxx/CVE-2019-0758.json +++ b/2019/0xxx/CVE-2019-0758.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0758", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0758", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0887.json b/2019/0xxx/CVE-2019-0887.json index 766a9639ae5..05cad916ebb 100644 --- a/2019/0xxx/CVE-2019-0887.json +++ b/2019/0xxx/CVE-2019-0887.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0887", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0887", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1000xxx/CVE-2019-1000012.json b/2019/1000xxx/CVE-2019-1000012.json index 8016acb7510..b43f584dff0 100644 --- a/2019/1000xxx/CVE-2019-1000012.json +++ b/2019/1000xxx/CVE-2019-1000012.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2019-01-22T21:21:10.020477", - "DATE_REQUESTED" : "2019-01-15T18:58:39", - "ID" : "CVE-2019-1000012", - "REQUESTER" : "bram.verburg@voltone.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2019-01-22T21:21:10.020477", + "DATE_REQUESTED": "2019-01-15T18:58:39", + "ID": "CVE-2019-1000012", + "REQUESTER": "bram.verburg@voltone.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hexpm/hex/pull/646", - "refsource" : "MISC", - "url" : "https://github.com/hexpm/hex/pull/646" - }, - { - "name" : "https://github.com/hexpm/hex/pull/651", - "refsource" : "MISC", - "url" : "https://github.com/hexpm/hex/pull/651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hexpm/hex/pull/651", + "refsource": "MISC", + "url": "https://github.com/hexpm/hex/pull/651" + }, + { + "name": "https://github.com/hexpm/hex/pull/646", + "refsource": "MISC", + "url": "https://github.com/hexpm/hex/pull/646" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1151.json b/2019/1xxx/CVE-2019-1151.json index 69f16c57137..a7de3925c4d 100644 --- a/2019/1xxx/CVE-2019-1151.json +++ b/2019/1xxx/CVE-2019-1151.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1151", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1151", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1152.json b/2019/1xxx/CVE-2019-1152.json index 21340f81335..34c2ac62e4a 100644 --- a/2019/1xxx/CVE-2019-1152.json +++ b/2019/1xxx/CVE-2019-1152.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1152", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1152", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1198.json b/2019/1xxx/CVE-2019-1198.json index e61e98602df..4775d6eec5e 100644 --- a/2019/1xxx/CVE-2019-1198.json +++ b/2019/1xxx/CVE-2019-1198.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1198", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1198", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1363.json b/2019/1xxx/CVE-2019-1363.json index 6ba09981ba1..6566d18a1df 100644 --- a/2019/1xxx/CVE-2019-1363.json +++ b/2019/1xxx/CVE-2019-1363.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1363", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1363", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1567.json b/2019/1xxx/CVE-2019-1567.json index b222061458a..9c3ae39ef2d 100644 --- a/2019/1xxx/CVE-2019-1567.json +++ b/2019/1xxx/CVE-2019-1567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1567", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1567", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4230.json b/2019/4xxx/CVE-2019-4230.json index b15aa8d4e7e..4c2c9c1ae43 100644 --- a/2019/4xxx/CVE-2019-4230.json +++ b/2019/4xxx/CVE-2019-4230.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4230", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4230", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4739.json b/2019/4xxx/CVE-2019-4739.json index 042e1752588..175813bfe05 100644 --- a/2019/4xxx/CVE-2019-4739.json +++ b/2019/4xxx/CVE-2019-4739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4869.json b/2019/4xxx/CVE-2019-4869.json index 79ec683f668..5c0df4521f0 100644 --- a/2019/4xxx/CVE-2019-4869.json +++ b/2019/4xxx/CVE-2019-4869.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4869", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4869", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4926.json b/2019/4xxx/CVE-2019-4926.json index 80cff690e44..8a945ee125a 100644 --- a/2019/4xxx/CVE-2019-4926.json +++ b/2019/4xxx/CVE-2019-4926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5013.json b/2019/5xxx/CVE-2019-5013.json index bcdc6ffd321..9070577523d 100644 --- a/2019/5xxx/CVE-2019-5013.json +++ b/2019/5xxx/CVE-2019-5013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5447.json b/2019/5xxx/CVE-2019-5447.json index cd0796d95fb..2d4a6b9fad9 100644 --- a/2019/5xxx/CVE-2019-5447.json +++ b/2019/5xxx/CVE-2019-5447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5447", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5447", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5633.json b/2019/5xxx/CVE-2019-5633.json index bc2c9611c7b..bc4771e2595 100644 --- a/2019/5xxx/CVE-2019-5633.json +++ b/2019/5xxx/CVE-2019-5633.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5633", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5986.json b/2019/5xxx/CVE-2019-5986.json index 3c87ec61b8c..d464b3b109c 100644 --- a/2019/5xxx/CVE-2019-5986.json +++ b/2019/5xxx/CVE-2019-5986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9142.json b/2019/9xxx/CVE-2019-9142.json index aa38c89fb01..ee655720d81 100644 --- a/2019/9xxx/CVE-2019-9142.json +++ b/2019/9xxx/CVE-2019-9142.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/b3log/symphony/issues/860", - "refsource" : "MISC", - "url" : "https://github.com/b3log/symphony/issues/860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/b3log/symphony/issues/860", + "refsource": "MISC", + "url": "https://github.com/b3log/symphony/issues/860" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9426.json b/2019/9xxx/CVE-2019-9426.json index 035a4c8be40..8a277a3e73c 100644 --- a/2019/9xxx/CVE-2019-9426.json +++ b/2019/9xxx/CVE-2019-9426.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9426", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9426", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9603.json b/2019/9xxx/CVE-2019-9603.json index f7b93afeba0..744877d4e8b 100644 --- a/2019/9xxx/CVE-2019-9603.json +++ b/2019/9xxx/CVE-2019-9603.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bg5sbk/MiniCMS/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/bg5sbk/MiniCMS/issues/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bg5sbk/MiniCMS/issues/29", + "refsource": "MISC", + "url": "https://github.com/bg5sbk/MiniCMS/issues/29" + } + ] + } +} \ No newline at end of file