From 556af5470d4b86a8e45d41580eccce574cbdb816 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 07:22:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0004.json | 120 +++--- 1999/0xxx/CVE-1999-0266.json | 120 +++--- 1999/0xxx/CVE-1999-0450.json | 120 +++--- 1999/1xxx/CVE-1999-1579.json | 150 +++---- 2007/0xxx/CVE-2007-0498.json | 130 +++--- 2007/1xxx/CVE-2007-1052.json | 150 +++---- 2007/1xxx/CVE-2007-1222.json | 140 +++---- 2007/1xxx/CVE-2007-1303.json | 180 ++++----- 2007/1xxx/CVE-2007-1733.json | 200 ++++----- 2007/5xxx/CVE-2007-5215.json | 140 +++---- 2007/5xxx/CVE-2007-5417.json | 170 ++++---- 2007/5xxx/CVE-2007-5423.json | 260 ++++++------ 2007/5xxx/CVE-2007-5461.json | 760 +++++++++++++++++------------------ 2015/3xxx/CVE-2015-3030.json | 120 +++--- 2015/3xxx/CVE-2015-3053.json | 150 +++---- 2015/3xxx/CVE-2015-3219.json | 180 ++++----- 2015/3xxx/CVE-2015-3528.json | 34 +- 2015/3xxx/CVE-2015-3630.json | 160 ++++---- 2015/3xxx/CVE-2015-3967.json | 120 +++--- 2015/4xxx/CVE-2015-4447.json | 140 +++---- 2015/7xxx/CVE-2015-7218.json | 220 +++++----- 2015/7xxx/CVE-2015-7719.json | 34 +- 2015/7xxx/CVE-2015-7817.json | 130 +++--- 2015/8xxx/CVE-2015-8374.json | 320 +++++++-------- 2015/8xxx/CVE-2015-8858.json | 140 +++---- 2015/8xxx/CVE-2015-8923.json | 220 +++++----- 2015/8xxx/CVE-2015-8982.json | 160 ++++---- 2015/9xxx/CVE-2015-9108.json | 132 +++--- 2016/0xxx/CVE-2016-0960.json | 190 ++++----- 2016/1xxx/CVE-2016-1144.json | 140 +++---- 2016/1xxx/CVE-2016-1226.json | 150 +++---- 2016/1xxx/CVE-2016-1438.json | 130 +++--- 2016/1xxx/CVE-2016-1472.json | 150 +++---- 2016/1xxx/CVE-2016-1866.json | 130 +++--- 2016/1xxx/CVE-2016-1897.json | 230 +++++------ 2016/5xxx/CVE-2016-5074.json | 130 +++--- 2016/5xxx/CVE-2016-5278.json | 210 +++++----- 2016/5xxx/CVE-2016-5414.json | 130 +++--- 2016/5xxx/CVE-2016-5748.json | 120 +++--- 2018/2xxx/CVE-2018-2185.json | 34 +- 2018/2xxx/CVE-2018-2872.json | 198 ++++----- 2019/0xxx/CVE-2019-0030.json | 212 +++++----- 2019/0xxx/CVE-2019-0567.json | 256 ++++++------ 2019/0xxx/CVE-2019-0625.json | 366 ++++++++--------- 2019/0xxx/CVE-2019-0709.json | 34 +- 2019/1xxx/CVE-2019-1117.json | 34 +- 2019/1xxx/CVE-2019-1138.json | 34 +- 2019/1xxx/CVE-2019-1873.json | 34 +- 2019/1xxx/CVE-2019-1935.json | 34 +- 2019/4xxx/CVE-2019-4130.json | 34 +- 2019/4xxx/CVE-2019-4165.json | 34 +- 2019/4xxx/CVE-2019-4287.json | 34 +- 2019/4xxx/CVE-2019-4303.json | 34 +- 2019/5xxx/CVE-2019-5342.json | 34 +- 2019/5xxx/CVE-2019-5346.json | 34 +- 2019/5xxx/CVE-2019-5759.json | 162 ++++---- 2019/5xxx/CVE-2019-5946.json | 34 +- 2019/9xxx/CVE-2019-9049.json | 120 +++--- 2019/9xxx/CVE-2019-9358.json | 34 +- 2019/9xxx/CVE-2019-9542.json | 34 +- 2019/9xxx/CVE-2019-9628.json | 34 +- 61 files changed, 4234 insertions(+), 4234 deletions(-) diff --git a/1999/0xxx/CVE-1999-0004.json b/1999/0xxx/CVE-1999-0004.json index 86a47dc8a62..8aa6244c363 100644 --- a/1999/0xxx/CVE-1999-0004.json +++ b/1999/0xxx/CVE-1999-0004.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS98-008", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS98-008", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-008" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0266.json b/1999/0xxx/CVE-1999-0266.json index 1ec97840320..a391cd0c14f 100644 --- a/1999/0xxx/CVE-1999-0266.json +++ b/1999/0xxx/CVE-1999-0266.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The info2www CGI script allows remote file access or remote command execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The info2www CGI script allows remote file access or remote command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1995" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0450.json b/1999/0xxx/CVE-1999-0450.json index 5df97f2327c..9ee89c5d475 100644 --- a/1999/0xxx/CVE-1999-0450.json +++ b/1999/0xxx/CVE-1999-0450.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/194" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1579.json b/1999/1xxx/CVE-1999-1579.json index c812f647967..ca8172323e1 100644 --- a/1999/1xxx/CVE-1999-1579.json +++ b/1999/1xxx/CVE-1999-1579.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "Q242366", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];242366" - }, - { - "name" : "VU#3062", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/3062" - }, - { - "name" : "6827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6827" - }, - { - "name" : "winnt-xenroll-dos(7107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winnt-xenroll-dos(7107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7107" + }, + { + "name": "Q242366", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];242366" + }, + { + "name": "VU#3062", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/3062" + }, + { + "name": "6827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6827" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0498.json b/2007/0xxx/CVE-2007-0498.json index 6c75c7f5bd0..fa92bc8794b 100644 --- a/2007/0xxx/CVE-2007-0498.json +++ b/2007/0xxx/CVE-2007-0498.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3165", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3165" - }, - { - "name" : "31603", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3165", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3165" + }, + { + "name": "31603", + "refsource": "OSVDB", + "url": "http://osvdb.org/31603" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1052.json b/2007/1xxx/CVE-2007-1052.json index c1a4c32436b..ba26a4b7653 100644 --- a/2007/1xxx/CVE-2007-1052.json +++ b/2007/1xxx/CVE-2007-1052.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460315/100/0/threaded" - }, - { - "name" : "20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2007-February/001356.html" - }, - { - "name" : "33737", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33737" - }, - { - "name" : "2269", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33737", + "refsource": "OSVDB", + "url": "http://osvdb.org/33737" + }, + { + "name": "20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460315/100/0/threaded" + }, + { + "name": "20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2007-February/001356.html" + }, + { + "name": "2269", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2269" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1222.json b/2007/1xxx/CVE-2007-1222.json index b829f51ee4f..f97139187a7 100644 --- a/2007/1xxx/CVE-2007-1222.json +++ b/2007/1xxx/CVE-2007-1222.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20070216 Minor Virtualization Vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html" - }, - { - "name" : "33799", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33799" - }, - { - "name" : "24171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33799", + "refsource": "OSVDB", + "url": "http://osvdb.org/33799" + }, + { + "name": "24171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24171" + }, + { + "name": "[dailydave] 20070216 Minor Virtualization Vulnerability", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1303.json b/2007/1xxx/CVE-2007-1303.json index 586d407748a..16bee5a4a7d 100644 --- a/2007/1xxx/CVE-2007-1303.json +++ b/2007/1xxx/CVE-2007-1303.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070304 Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461911/100/0/threaded" - }, - { - "name" : "http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt", - "refsource" : "MISC", - "url" : "http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt" - }, - { - "name" : "http://www.rrdbrowse.org/index.php", - "refsource" : "CONFIRM", - "url" : "http://www.rrdbrowse.org/index.php" - }, - { - "name" : "22817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22817" - }, - { - "name" : "ADV-2007-0834", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0834" - }, - { - "name" : "2349", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2349" - }, - { - "name" : "rrdbrowse-file-directory-traversal(32793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rrdbrowse-file-directory-traversal(32793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32793" + }, + { + "name": "20070304 Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461911/100/0/threaded" + }, + { + "name": "22817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22817" + }, + { + "name": "http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt", + "refsource": "MISC", + "url": "http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt" + }, + { + "name": "http://www.rrdbrowse.org/index.php", + "refsource": "CONFIRM", + "url": "http://www.rrdbrowse.org/index.php" + }, + { + "name": "ADV-2007-0834", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0834" + }, + { + "name": "2349", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2349" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1733.json b/2007/1xxx/CVE-2007-1733.json index 78eb829c69b..05a7aa01666 100644 --- a/2007/1xxx/CVE-2007-1733.json +++ b/2007/1xxx/CVE-2007-1733.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070327 Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463931/100/0/threaded" - }, - { - "name" : "3589", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3589" - }, - { - "name" : "http://www.skilltube.com/index.php?option=com_content&task=view&id=13&Itemid=37", - "refsource" : "MISC", - "url" : "http://www.skilltube.com/index.php?option=com_content&task=view&id=13&Itemid=37" - }, - { - "name" : "23179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23179" - }, - { - "name" : "ADV-2007-1137", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1137" - }, - { - "name" : "34503", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34503" - }, - { - "name" : "24673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24673" - }, - { - "name" : "2483", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2483" - }, - { - "name" : "navicopa-cgi-bo(33296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2483", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2483" + }, + { + "name": "3589", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3589" + }, + { + "name": "http://www.skilltube.com/index.php?option=com_content&task=view&id=13&Itemid=37", + "refsource": "MISC", + "url": "http://www.skilltube.com/index.php?option=com_content&task=view&id=13&Itemid=37" + }, + { + "name": "34503", + "refsource": "OSVDB", + "url": "http://osvdb.org/34503" + }, + { + "name": "23179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23179" + }, + { + "name": "20070327 Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463931/100/0/threaded" + }, + { + "name": "navicopa-cgi-bo(33296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33296" + }, + { + "name": "24673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24673" + }, + { + "name": "ADV-2007-1137", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1137" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5215.json b/2007/5xxx/CVE-2007-5215.json index 4af5cbb6b63..32871831c24 100644 --- a/2007/5xxx/CVE-2007-5215.json +++ b/2007/5xxx/CVE-2007-5215.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://arfis.wordpress.com/2007/09/13/rfi-02-godsend/", - "refsource" : "MISC", - "url" : "http://arfis.wordpress.com/2007/09/13/rfi-02-godsend/" - }, - { - "name" : "38551", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38551" - }, - { - "name" : "38552", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38552", + "refsource": "OSVDB", + "url": "http://osvdb.org/38552" + }, + { + "name": "38551", + "refsource": "OSVDB", + "url": "http://osvdb.org/38551" + }, + { + "name": "http://arfis.wordpress.com/2007/09/13/rfi-02-godsend/", + "refsource": "MISC", + "url": "http://arfis.wordpress.com/2007/09/13/rfi-02-godsend/" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5417.json b/2007/5xxx/CVE-2007-5417.json index a2af1dd5ba2..ae2441954b1 100644 --- a/2007/5xxx/CVE-2007-5417.json +++ b/2007/5xxx/CVE-2007-5417.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071010 Vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482006/100/0/threaded" - }, - { - "name" : "http://securityvulns.com/Sdocument42.html", - "refsource" : "MISC", - "url" : "http://securityvulns.com/Sdocument42.html" - }, - { - "name" : "http://securityvulns.com/source26994.html", - "refsource" : "MISC", - "url" : "http://securityvulns.com/source26994.html" - }, - { - "name" : "26032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26032" - }, - { - "name" : "43632", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43632" - }, - { - "name" : "3216", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityvulns.com/Sdocument42.html", + "refsource": "MISC", + "url": "http://securityvulns.com/Sdocument42.html" + }, + { + "name": "20071010 Vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" + }, + { + "name": "http://securityvulns.com/source26994.html", + "refsource": "MISC", + "url": "http://securityvulns.com/source26994.html" + }, + { + "name": "3216", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3216" + }, + { + "name": "26032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26032" + }, + { + "name": "43632", + "refsource": "OSVDB", + "url": "http://osvdb.org/43632" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5423.json b/2007/5xxx/CVE-2007-5423.json index 2d1a7fc2b0d..179cb84cb18 100644 --- a/2007/5xxx/CVE-2007-5423.json +++ b/2007/5xxx/CVE-2007-5423.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071010 Vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482006/100/0/threaded" - }, - { - "name" : "20071011 Tikiwiki 1.9.8 exploit ITW", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482128/100/0/threaded" - }, - { - "name" : "4509", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4509" - }, - { - "name" : "http://securityvulns.ru/Sdocument162.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Sdocument162.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=195503", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=195503" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=744898", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=744898" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258" - }, - { - "name" : "GLSA-200710-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" - }, - { - "name" : "26006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26006" - }, - { - "name" : "ADV-2007-3492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3492" - }, - { - "name" : "40478", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40478" - }, - { - "name" : "27190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27190" - }, - { - "name" : "27344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27344" - }, - { - "name" : "3216", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3216" - }, - { - "name" : "tikiwiki-tikigraphformula-command-execution(37076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200710-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" + }, + { + "name": "ADV-2007-3492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3492" + }, + { + "name": "http://securityvulns.ru/Sdocument162.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Sdocument162.html" + }, + { + "name": "20071010 Vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" + }, + { + "name": "26006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26006" + }, + { + "name": "27344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27344" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=195503", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=195503" + }, + { + "name": "40478", + "refsource": "OSVDB", + "url": "http://osvdb.org/40478" + }, + { + "name": "3216", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3216" + }, + { + "name": "tikiwiki-tikigraphformula-command-execution(37076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" + }, + { + "name": "20071011 Tikiwiki 1.9.8 exploit ITW", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482128/100/0/threaded" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=744898", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=744898" + }, + { + "name": "4509", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4509" + }, + { + "name": "27190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27190" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5461.json b/2007/5xxx/CVE-2007-5461.json index 877f508f061..63aa2743a56 100644 --- a/2007/5xxx/CVE-2007-5461.json +++ b/2007/5xxx/CVE-2007-5461.json @@ -1,382 +1,382 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-5461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119239530508382" - }, - { - "name" : "4530", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4530" - }, - { - "name" : "[tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E" - }, - { - "name" : "http://issues.apache.org/jira/browse/GERONIMO-3549", - "refsource" : "MISC", - "url" : "http://issues.apache.org/jira/browse/GERONIMO-3549" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21286112", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21286112" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" - }, - { - "name" : "http://support.apple.com/kb/HT2163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2163" - }, - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "APPLE-SA-2008-06-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "DSA-1447", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1447" - }, - { - "name" : "DSA-1453", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1453" - }, - { - "name" : "FEDORA-2007-3456", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" - }, - { - "name" : "GLSA-200804-10", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-10.xml" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "MDKSA-2007:241", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" - }, - { - "name" : "MDVSA-2009:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" - }, - { - "name" : "RHSA-2008:0042", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0042.html" - }, - { - "name" : "RHSA-2008:0195", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0195.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "RHSA-2008:0630", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html" - }, - { - "name" : "RHSA-2008:0862", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0862.html" - }, - { - "name" : "239312", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "26070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26070" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "oval:org.mitre.oval:def:9202", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - }, - { - "name" : "ADV-2007-3622", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3622" - }, - { - "name" : "ADV-2007-3671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3671" - }, - { - "name" : "ADV-2007-3674", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3674" - }, - { - "name" : "ADV-2008-1856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1856/references" - }, - { - "name" : "ADV-2008-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1981/references" - }, - { - "name" : "ADV-2008-1979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1979/references" - }, - { - "name" : "ADV-2008-2823", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2823" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "1018864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018864" - }, - { - "name" : "27398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27398" - }, - { - "name" : "27446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27446" - }, - { - "name" : "27481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27481" - }, - { - "name" : "27727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27727" - }, - { - "name" : "28317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28317" - }, - { - "name" : "28361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28361" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29313" - }, - { - "name" : "29711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29711" - }, - { - "name" : "30676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30676" - }, - { - "name" : "30802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30802" - }, - { - "name" : "30908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30908" - }, - { - "name" : "30899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30899" - }, - { - "name" : "31493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31493" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "32120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32120" - }, - { - "name" : "32266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32266" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "apache-tomcat-webdav-dir-traversal(37243)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1453", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1453" + }, + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "30908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30908" + }, + { + "name": "http://support.apple.com/kb/HT2163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2163" + }, + { + "name": "[tomcat-users] 20071015 [Security] - Important vulnerability disclosed in Apache Tomcat webdav servlet", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E" + }, + { + "name": "26070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26070" + }, + { + "name": "27446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27446" + }, + { + "name": "20071014 Apache Tomcat Rem0Te FiLe DiscloSure ZeroDay", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119239530508382" + }, + { + "name": "30676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30676" + }, + { + "name": "RHSA-2008:0630", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" + }, + { + "name": "239312", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" + }, + { + "name": "apache-tomcat-webdav-dir-traversal(37243)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37243" + }, + { + "name": "oval:org.mitre.oval:def:9202", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9202" + }, + { + "name": "RHSA-2008:0862", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" + }, + { + "name": "ADV-2008-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1981/references" + }, + { + "name": "30899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30899" + }, + { + "name": "FEDORA-2007-3456", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html" + }, + { + "name": "31493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31493" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "ADV-2008-2823", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2823" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "ADV-2008-1979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1979/references" + }, + { + "name": "29313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29313" + }, + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "32120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32120" + }, + { + "name": "ADV-2007-3671", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3671" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "27398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27398" + }, + { + "name": "RHSA-2008:0042", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "1018864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018864" + }, + { + "name": "28361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28361" + }, + { + "name": "28317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28317" + }, + { + "name": "APPLE-SA-2008-06-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" + }, + { + "name": "ADV-2007-3674", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3674" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "30802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30802" + }, + { + "name": "RHSA-2008:0195", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html" + }, + { + "name": "GLSA-200804-10", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml" + }, + { + "name": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/2007/10/18/potential-vulnerability-in-apache-tomcat-webdav-servlet.html" + }, + { + "name": "ADV-2007-3622", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3622" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21286112" + }, + { + "name": "27727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27727" + }, + { + "name": "ADV-2008-1856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1856/references" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "4530", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4530" + }, + { + "name": "MDVSA-2009:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" + }, + { + "name": "DSA-1447", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1447" + }, + { + "name": "27481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27481" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + }, + { + "name": "MDKSA-2007:241", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241" + }, + { + "name": "29711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29711" + }, + { + "name": "http://issues.apache.org/jira/browse/GERONIMO-3549", + "refsource": "MISC", + "url": "http://issues.apache.org/jira/browse/GERONIMO-3549" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "32266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32266" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3030.json b/2015/3xxx/CVE-2015-3030.json index ab397e97884..87394459f76 100644 --- a/2015/3xxx/CVE-2015-3030.json +++ b/2015/3xxx/CVE-2015-3030.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10112", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10112", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10112" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3053.json b/2015/3xxx/CVE-2015-3053.json index 3973db63635..a63cf3b0b64 100644 --- a/2015/3xxx/CVE-2015-3053.json +++ b/2015/3xxx/CVE-2015-3053.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-215", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-215" - }, - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html" - }, - { - "name" : "74602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74602" - }, - { - "name" : "1032284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-10.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html" + }, + { + "name": "1032284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032284" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-215", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-215" + }, + { + "name": "74602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74602" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3219.json b/2015/3xxx/CVE-2015-3219.json index 7186339d931..afe02897822 100644 --- a/2015/3xxx/CVE-2015-3219.json +++ b/2015/3xxx/CVE-2015-3219.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" - }, - { - "name" : "[oss-security] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/09/7" - }, - { - "name" : "https://bugs.launchpad.net/horizon/+bug/1453074", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/horizon/+bug/1453074" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-3617", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3617" - }, - { - "name" : "RHSA-2015:1679", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1679.html" - }, - { - "name" : "75109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[openstack-announce] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" + }, + { + "name": "https://bugs.launchpad.net/horizon/+bug/1453074", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/horizon/+bug/1453074" + }, + { + "name": "75109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75109" + }, + { + "name": "DSA-3617", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3617" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "RHSA-2015:1679", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" + }, + { + "name": "[oss-security] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3528.json b/2015/3xxx/CVE-2015-3528.json index 6cbbbf8e207..a88c2610626 100644 --- a/2015/3xxx/CVE-2015-3528.json +++ b/2015/3xxx/CVE-2015-3528.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3528", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3528", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3630.json b/2015/3xxx/CVE-2015-3630.json index 6ca7fad87a4..73e64c622c3 100644 --- a/2015/3xxx/CVE-2015-3630.json +++ b/2015/3xxx/CVE-2015-3630.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150508 Docker 1.6.1 - Security Advisory [150507]", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/28" - }, - { - "name" : "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" - }, - { - "name" : "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" - }, - { - "name" : "openSUSE-SU-2015:0905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" - }, - { - "name" : "74566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ" + }, + { + "name": "20150508 Docker 1.6.1 - Security Advisory [150507]", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/28" + }, + { + "name": "openSUSE-SU-2015:0905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html" + }, + { + "name": "74566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74566" + }, + { + "name": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3967.json b/2015/3xxx/CVE-2015-3967.json index 1af2618c653..50d61237cde 100644 --- a/2015/3xxx/CVE-2015-3967.json +++ b/2015/3xxx/CVE-2015-3967.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-3967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4447.json b/2015/4xxx/CVE-2015-4447.json index 5e03549bb68..88d7eaad2ed 100644 --- a/2015/4xxx/CVE-2015-4447.json +++ b/2015/4xxx/CVE-2015-4447.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-4447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75737" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75737" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7218.json b/2015/7xxx/CVE-2015-7218.json index fa9a945b6a7..60a70c494f2 100644 --- a/2015/7xxx/CVE-2015-7218.json +++ b/2015/7xxx/CVE-2015-7218.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-142.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-142.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1194818", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1194818" - }, - { - "name" : "FEDORA-2015-51b1105902", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html" - }, - { - "name" : "FEDORA-2015-7ab3d3afcf", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "openSUSE-SU-2016:0307", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:0308", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:2353", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html" - }, - { - "name" : "USN-2833-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2833-1" - }, - { - "name" : "79280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79280" - }, - { - "name" : "1034426", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "openSUSE-SU-2015:2353", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194818", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194818" + }, + { + "name": "openSUSE-SU-2016:0308", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" + }, + { + "name": "FEDORA-2015-7ab3d3afcf", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-142.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-142.html" + }, + { + "name": "USN-2833-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2833-1" + }, + { + "name": "79280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79280" + }, + { + "name": "openSUSE-SU-2016:0307", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" + }, + { + "name": "FEDORA-2015-51b1105902", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html" + }, + { + "name": "1034426", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034426" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7719.json b/2015/7xxx/CVE-2015-7719.json index 31132e30cd8..02c1ccf4fff 100644 --- a/2015/7xxx/CVE-2015-7719.json +++ b/2015/7xxx/CVE-2015-7719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7719", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7719", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7817.json b/2015/7xxx/CVE-2015-7817.json index ddb8dde916f..54f3bcae2d1 100644 --- a/2015/7xxx/CVE-2015-7817.json +++ b/2015/7xxx/CVE-2015-7817.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-553/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-553/" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/len_2015_074", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/len_2015_074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-553/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-553/" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/len_2015_074", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/len_2015_074" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8374.json b/2015/8xxx/CVE-2015-8374.json index b13e1fffd42..5641e350516 100644 --- a/2015/8xxx/CVE-2015-8374.json +++ b/2015/8xxx/CVE-2015-8374.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/27/2" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1286261", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1286261" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "DSA-3426", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3426" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "USN-2886-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2886-1" - }, - { - "name" : "USN-2887-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2887-1" - }, - { - "name" : "USN-2887-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2887-2" - }, - { - "name" : "USN-2888-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2888-1" - }, - { - "name" : "USN-2889-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2889-1" - }, - { - "name" : "USN-2889-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2889-2" - }, - { - "name" : "USN-2890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2890-1" - }, - { - "name" : "USN-2890-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2890-2" - }, - { - "name" : "USN-2890-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2890-3" - }, - { - "name" : "78219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78219" - }, - { - "name" : "1034895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034895" + }, + { + "name": "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7" + }, + { + "name": "USN-2887-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2887-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "[oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/27/2" + }, + { + "name": "USN-2886-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2886-1" + }, + { + "name": "USN-2887-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2887-1" + }, + { + "name": "USN-2890-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2890-3" + }, + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "USN-2889-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2889-1" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "USN-2889-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2889-2" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1286261", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286261" + }, + { + "name": "78219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78219" + }, + { + "name": "USN-2890-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2890-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" + }, + { + "name": "DSA-3426", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3426" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7" + }, + { + "name": "USN-2890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2890-1" + }, + { + "name": "USN-2888-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2888-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8858.json b/2015/8xxx/CVE-2015-8858.json index d5074c45687..936f0265327 100644 --- a/2015/8xxx/CVE-2015-8858.json +++ b/2015/8xxx/CVE-2015-8858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a \"regular expression denial of service (ReDoS).\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" - }, - { - "name" : "https://nodesecurity.io/advisories/48", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/48" - }, - { - "name" : "96409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a \"regular expression denial of service (ReDoS).\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96409" + }, + { + "name": "https://nodesecurity.io/advisories/48", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/48" + }, + { + "name": "[oss-security] 20160420 various vulnerabilities in Node.js packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/11" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8923.json b/2015/8xxx/CVE-2015-8923.json index 757e544407d..d278696e403 100644 --- a/2015/8xxx/CVE-2015-8923.json +++ b/2015/8xxx/CVE-2015-8923.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" - }, - { - "name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" - }, - { - "name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" - }, - { - "name" : "https://github.com/libarchive/libarchive/issues/514", - "refsource" : "CONFIRM", - "url" : "https://github.com/libarchive/libarchive/issues/514" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3657", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3657" - }, - { - "name" : "GLSA-201701-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-03" - }, - { - "name" : "RHSA-2016:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" - }, - { - "name" : "SUSE-SU-2016:1909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" - }, - { - "name" : "USN-3033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3033-1" - }, - { - "name" : "91309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3033-1" + }, + { + "name": "RHSA-2016:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html" + }, + { + "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" + }, + { + "name": "https://github.com/libarchive/libarchive/issues/514", + "refsource": "CONFIRM", + "url": "https://github.com/libarchive/libarchive/issues/514" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "SUSE-SU-2016:1909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" + }, + { + "name": "91309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91309" + }, + { + "name": "[oss-security] 20160617 Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/2" + }, + { + "name": "GLSA-201701-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-03" + }, + { + "name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/5" + }, + { + "name": "DSA-3657", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3657" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8982.json b/2015/8xxx/CVE-2015-8982.json index 7350b45100a..46955059aab 100644 --- a/2015/8xxx/CVE-2015-8982.json +++ b/2015/8xxx/CVE-2015-8982.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/13/3" - }, - { - "name" : "[oss-security] 20170214 Re: Pending CVE requests for glibc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/14/9" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=16009" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed" - }, - { - "name" : "72602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9" + }, + { + "name": "72602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72602" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16009" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed" + }, + { + "name": "[oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/13/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9108.json b/2015/9xxx/CVE-2015-9108.json index a5f42d27cf1..d16c0697e9d 100644 --- a/2015/9xxx/CVE-2015-9108.json +++ b/2015/9xxx/CVE-2015-9108.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted pointer dereference in QSEE syscall" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted pointer dereference in QSEE syscall" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0960.json b/2016/0xxx/CVE-2016-0960.json index c151846309f..a630c661453 100644 --- a/2016/0xxx/CVE-2016-0960.json +++ b/2016/0xxx/CVE-2016-0960.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" - }, - { - "name" : "GLSA-201603-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-07" - }, - { - "name" : "SUSE-SU-2016:0715", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:0716", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:0719", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:0734", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" - }, - { - "name" : "84311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84311" - }, - { - "name" : "1035251", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0734", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" + }, + { + "name": "1035251", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035251" + }, + { + "name": "openSUSE-SU-2016:0719", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" + }, + { + "name": "84311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84311" + }, + { + "name": "GLSA-201603-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-07" + }, + { + "name": "SUSE-SU-2016:0715", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" + }, + { + "name": "SUSE-SU-2016:0716", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1144.json b/2016/1xxx/CVE-2016-1144.json index e28bf1be39d..f80fec135fb 100644 --- a/2016/1xxx/CVE-2016-1144.json +++ b/2016/1xxx/CVE-2016-1144.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ws-download.net/info.php?type=version&id=V0001081", - "refsource" : "CONFIRM", - "url" : "http://www.ws-download.net/info.php?type=version&id=V0001081" - }, - { - "name" : "JVN#26921563", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN26921563/index.html" - }, - { - "name" : "JVNDB-2016-000017", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000017", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000017" + }, + { + "name": "http://www.ws-download.net/info.php?type=version&id=V0001081", + "refsource": "CONFIRM", + "url": "http://www.ws-download.net/info.php?type=version&id=V0001081" + }, + { + "name": "JVN#26921563", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN26921563/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1226.json b/2016/1xxx/CVE-2016-1226.json index 14e4f2c5a14..99a3fbef0e5 100644 --- a/2016/1xxx/CVE-2016-1226.json +++ b/2016/1xxx/CVE-2016-1226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1113880.aspx", - "refsource" : "CONFIRM", - "url" : "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1113880.aspx" - }, - { - "name" : "JVN#48789425", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48789425/index.html" - }, - { - "name" : "JVNDB-2016-000088", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000088" - }, - { - "name" : "1036137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000088", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000088" + }, + { + "name": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1113880.aspx", + "refsource": "CONFIRM", + "url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1113880.aspx" + }, + { + "name": "1036137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036137" + }, + { + "name": "JVN#48789425", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48789425/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1438.json b/2016/1xxx/CVE-2016-1438.json index 9a41a7273b5..491382dfc6f 100644 --- a/2016/1xxx/CVE-2016-1438.json +++ b/2016/1xxx/CVE-2016-1438.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160622 Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-esa" - }, - { - "name" : "1036156", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036156", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036156" + }, + { + "name": "20160622 Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-esa" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1472.json b/2016/1xxx/CVE-2016-1472.json index c58ab713ea4..7a5f7de7d65 100644 --- a/2016/1xxx/CVE-2016-1472.json +++ b/2016/1xxx/CVE-2016-1472.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_dos.pdf", - "refsource" : "MISC", - "url" : "http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_dos.pdf" - }, - { - "name" : "20160831 Cisco Small Business 220 Series Smart Plus Switches Web Interface Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps2" - }, - { - "name" : "92707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92707" - }, - { - "name" : "1036724", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036724", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036724" + }, + { + "name": "20160831 Cisco Small Business 220 Series Smart Plus Switches Web Interface Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps2" + }, + { + "name": "http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_dos.pdf", + "refsource": "MISC", + "url": "http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_dos.pdf" + }, + { + "name": "92707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92707" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1866.json b/2016/1xxx/CVE-2016-1866.json index e3c3de84705..c63611b564e 100644 --- a/2016/1xxx/CVE-2016-1866.json +++ b/2016/1xxx/CVE-2016-1866.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html" - }, - { - "name" : "openSUSE-SU-2016:0694", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html" + }, + { + "name": "openSUSE-SU-2016:0694", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1897.json b/2016/1xxx/CVE-2016-1897.json index 64c2ccabdd0..77435424333 100644 --- a/2016/1xxx/CVE-2016-1897.json +++ b/2016/1xxx/CVE-2016-1897.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/14/1" - }, - { - "name" : "http://habrahabr.ru/company/mailru/blog/274855", - "refsource" : "MISC", - "url" : "http://habrahabr.ru/company/mailru/blog/274855" - }, - { - "name" : "http://security.stackexchange.com/questions/110644", - "refsource" : "MISC", - "url" : "http://security.stackexchange.com/questions/110644" - }, - { - "name" : "DSA-3506", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3506" - }, - { - "name" : "GLSA-201606-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-09" - }, - { - "name" : "GLSA-201705-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-08" - }, - { - "name" : "SSA:2016-034-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036" - }, - { - "name" : "openSUSE-SU-2016:0243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html" - }, - { - "name" : "USN-2944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2944-1" - }, - { - "name" : "VU#772447", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/772447" - }, - { - "name" : "80501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/80501" - }, - { - "name" : "1034932", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.stackexchange.com/questions/110644", + "refsource": "MISC", + "url": "http://security.stackexchange.com/questions/110644" + }, + { + "name": "openSUSE-SU-2016:0243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html" + }, + { + "name": "1034932", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034932" + }, + { + "name": "GLSA-201705-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-08" + }, + { + "name": "80501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/80501" + }, + { + "name": "USN-2944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2944-1" + }, + { + "name": "[oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/14/1" + }, + { + "name": "SSA:2016-034-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036" + }, + { + "name": "DSA-3506", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3506" + }, + { + "name": "http://habrahabr.ru/company/mailru/blog/274855", + "refsource": "MISC", + "url": "http://habrahabr.ru/company/mailru/blog/274855" + }, + { + "name": "GLSA-201606-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-09" + }, + { + "name": "VU#772447", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/772447" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5074.json b/2016/5xxx/CVE-2016-5074.json index 6dc9ef8113e..94773f6370e 100644 --- a/2016/5xxx/CVE-2016-5074.json +++ b/2016/5xxx/CVE-2016-5074.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-5074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CloudView NMS before 2.10a", - "version" : { - "version_data" : [ - { - "version_value" : "CloudView NMS before 2.10a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CloudView NMS before 2.10a has a format string issue exploitable over SNMP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "format string" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-5074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CloudView NMS before 2.10a", + "version": { + "version_data": [ + { + "version_value": "CloudView NMS before 2.10a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2" - }, - { - "name" : "98723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CloudView NMS before 2.10a has a format string issue exploitable over SNMP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "format string" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98723" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5278.json b/2016/5xxx/CVE-2016-5278.json index 0b82c53daac..b0d30c73511 100644 --- a/2016/5xxx/CVE-2016-5278.json +++ b/2016/5xxx/CVE-2016-5278.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-5278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1294677", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1294677" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-86/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-86/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2016-88/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2016-88/" - }, - { - "name" : "DSA-3674", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3674" - }, - { - "name" : "GLSA-201701-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-15" - }, - { - "name" : "RHSA-2016:1912", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1912.html" - }, - { - "name" : "93049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93049" - }, - { - "name" : "1036852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294677", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294677" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-86/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-86/" + }, + { + "name": "DSA-3674", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3674" + }, + { + "name": "GLSA-201701-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-15" + }, + { + "name": "RHSA-2016:1912", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2016-88/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2016-88/" + }, + { + "name": "93049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93049" + }, + { + "name": "1036852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036852" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5414.json b/2016/5xxx/CVE-2016-5414.json index 4ff098122a6..906cf3faefa 100644 --- a/2016/5xxx/CVE-2016-5414.json +++ b/2016/5xxx/CVE-2016-5414.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-5414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=1184610", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=1184610" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1360757", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1360757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=1184610", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=1184610" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1360757", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1360757" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5748.json b/2016/5xxx/CVE-2016-5748.json index ef53cfafeda..379e4d66cb0 100644 --- a/2016/5xxx/CVE-2016-5748.json +++ b/2016/5xxx/CVE-2016-5748.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2016-5748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetIQ Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "NetIQ Access Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "External Entity Processing (XXE) vulnerability in the \"risk score\" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XXE" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2016-5748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ Access Manager", + "version": { + "version_data": [ + { + "version_value": "NetIQ Access Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7017797", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7017797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "External Entity Processing (XXE) vulnerability in the \"risk score\" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7017797", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7017797" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2185.json b/2018/2xxx/CVE-2018-2185.json index 1800e3a7049..2896c739c83 100644 --- a/2018/2xxx/CVE-2018-2185.json +++ b/2018/2xxx/CVE-2018-2185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2185", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2185", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2872.json b/2018/2xxx/CVE-2018-2872.json index 871993bfd80..f11b79b2335 100644 --- a/2018/2xxx/CVE-2018-2872.json +++ b/2018/2xxx/CVE-2018-2872.json @@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "General Ledger", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "General Ledger", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "103865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103865" - }, - { - "name" : "1040694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040694" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "103865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103865" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0030.json b/2019/0xxx/CVE-2019-0030.json index b24b3da81a0..6aef0a1cf20 100644 --- a/2019/0xxx/CVE-2019-0030.json +++ b/2019/0xxx/CVE-2019-0030.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2019-01-09T17:00:00.000Z", - "ID" : "CVE-2019-0030", - "STATE" : "PUBLIC", - "TITLE" : "Juniper ATP: Password hashing uses DES and a hardcoded salt" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Juniper ATP", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "5.0", - "version_value" : "5.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 6.7, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm\nCWE-664 - Improper Control of a Resource Through its Lifetime" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2019-01-09T17:00:00.000Z", + "ID": "CVE-2019-0030", + "STATE": "PUBLIC", + "TITLE": "Juniper ATP: Password hashing uses DES and a hardcoded salt" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Juniper ATP", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.0", + "version_value": "5.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10918", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10918" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change any credentials after the upgrade to the fixed version." - } - ], - "source" : { - "advisory" : "JSA10918", - "defect" : [ - "1365976", - "1365987" - ], - "discovery" : "INTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm\nCWE-664 - Improper Control of a Resource Through its Lifetime" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10918", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10918" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases.\nIt is suggested to change any credentials after the upgrade to the fixed version." + } + ], + "source": { + "advisory": "JSA10918", + "defect": [ + "1365976", + "1365987" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk." + } + ] +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0567.json b/2019/0xxx/CVE-2019-0567.json index a7b00282ddc..656635999ae 100644 --- a/2019/0xxx/CVE-2019-0567.json +++ b/2019/0xxx/CVE-2019-0567.json @@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2019-0567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46203", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46203/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567" - }, - { - "name" : "106418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46203", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46203/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567" + }, + { + "name": "106418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106418" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0625.json b/2019/0xxx/CVE-2019-0625.json index 5dd93396a12..6e06602c39f 100644 --- a/2019/0xxx/CVE-2019-0625.json +++ b/2019/0xxx/CVE-2019-0625.json @@ -1,185 +1,185 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "8.1 for 32-bit systems" - }, - { - "version_value" : "8.1 for x64-based systems" - }, - { - "version_value" : "RT 8.1" - }, - { - "version_value" : "10 for 32-bit Systems" - }, - { - "version_value" : "10 for x64-based Systems" - }, - { - "version_value" : "10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "10 Version 1709 for ARM64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server", - "version" : { - "version_data" : [ - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value" : "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value" : "2012" - }, - { - "version_value" : "2012 (Core installation)" - }, - { - "version_value" : "2012 R2" - }, - { - "version_value" : "2012 R2 (Core installation)" - }, - { - "version_value" : "2016" - }, - { - "version_value" : "2016 (Core installation)" - }, - { - "version_value" : "version 1709 (Core Installation)" - }, - { - "version_value" : "version 1803 (Core Installation)" - }, - { - "version_value" : "2019" - }, - { - "version_value" : "2019 (Core installation)" - }, - { - "version_value" : "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "2008 for x64-based Systems Service Pack 2 (Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "version 1709 (Core Installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625" - }, - { - "name" : "106926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625" + }, + { + "name": "106926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106926" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0709.json b/2019/0xxx/CVE-2019-0709.json index ffb347fed53..ee377dfde6f 100644 --- a/2019/0xxx/CVE-2019-0709.json +++ b/2019/0xxx/CVE-2019-0709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1117.json b/2019/1xxx/CVE-2019-1117.json index 5e036371a0b..97058543798 100644 --- a/2019/1xxx/CVE-2019-1117.json +++ b/2019/1xxx/CVE-2019-1117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1117", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1117", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1138.json b/2019/1xxx/CVE-2019-1138.json index 1fec868e1af..bcad76a82e8 100644 --- a/2019/1xxx/CVE-2019-1138.json +++ b/2019/1xxx/CVE-2019-1138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1873.json b/2019/1xxx/CVE-2019-1873.json index 8012207dfd4..c5310d8d188 100644 --- a/2019/1xxx/CVE-2019-1873.json +++ b/2019/1xxx/CVE-2019-1873.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1873", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1873", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1935.json b/2019/1xxx/CVE-2019-1935.json index 9d8f364e9ad..a0a46e43d4b 100644 --- a/2019/1xxx/CVE-2019-1935.json +++ b/2019/1xxx/CVE-2019-1935.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1935", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1935", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4130.json b/2019/4xxx/CVE-2019-4130.json index 20969d4a6b8..096f62d8bde 100644 --- a/2019/4xxx/CVE-2019-4130.json +++ b/2019/4xxx/CVE-2019-4130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4165.json b/2019/4xxx/CVE-2019-4165.json index 82bbc8e11b0..23b965d11bd 100644 --- a/2019/4xxx/CVE-2019-4165.json +++ b/2019/4xxx/CVE-2019-4165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4287.json b/2019/4xxx/CVE-2019-4287.json index 10b49da463f..66946ca3cac 100644 --- a/2019/4xxx/CVE-2019-4287.json +++ b/2019/4xxx/CVE-2019-4287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4303.json b/2019/4xxx/CVE-2019-4303.json index aead3adcea4..a7ed4082ae5 100644 --- a/2019/4xxx/CVE-2019-4303.json +++ b/2019/4xxx/CVE-2019-4303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5342.json b/2019/5xxx/CVE-2019-5342.json index 83c92e32c14..8e5881879b6 100644 --- a/2019/5xxx/CVE-2019-5342.json +++ b/2019/5xxx/CVE-2019-5342.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5346.json b/2019/5xxx/CVE-2019-5346.json index 889017f6813..2283ff91f58 100644 --- a/2019/5xxx/CVE-2019-5346.json +++ b/2019/5xxx/CVE-2019-5346.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5346", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5346", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5759.json b/2019/5xxx/CVE-2019-5759.json index 2892d6ff792..513eac6001b 100644 --- a/2019/5xxx/CVE-2019-5759.json +++ b/2019/5xxx/CVE-2019-5759.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2019-5759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "72.0.3626.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2019-5759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "72.0.3626.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/912211", - "refsource" : "MISC", - "url" : "https://crbug.com/912211" - }, - { - "name" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4395", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4395" - }, - { - "name" : "RHSA-2019:0309", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0309" - }, - { - "name" : "106767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106767" + }, + { + "name": "RHSA-2019:0309", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0309" + }, + { + "name": "DSA-4395", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4395" + }, + { + "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/912211", + "refsource": "MISC", + "url": "https://crbug.com/912211" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5946.json b/2019/5xxx/CVE-2019-5946.json index dedff61a5f4..42c5e3c3327 100644 --- a/2019/5xxx/CVE-2019-5946.json +++ b/2019/5xxx/CVE-2019-5946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9049.json b/2019/9xxx/CVE-2019-9049.json index 372764513ff..58592b87390 100644 --- a/2019/9xxx/CVE-2019-9049.json +++ b/2019/9xxx/CVE-2019-9049.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pluck-cms/pluck/issues/69", - "refsource" : "MISC", - "url" : "https://github.com/pluck-cms/pluck/issues/69" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pluck-cms/pluck/issues/69", + "refsource": "MISC", + "url": "https://github.com/pluck-cms/pluck/issues/69" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9358.json b/2019/9xxx/CVE-2019-9358.json index cdaaf454624..0665ab2cab3 100644 --- a/2019/9xxx/CVE-2019-9358.json +++ b/2019/9xxx/CVE-2019-9358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9358", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9358", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9542.json b/2019/9xxx/CVE-2019-9542.json index a33842254c0..77d26552fb9 100644 --- a/2019/9xxx/CVE-2019-9542.json +++ b/2019/9xxx/CVE-2019-9542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9542", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9542", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9628.json b/2019/9xxx/CVE-2019-9628.json index 306ed58ebe4..f61fb7547d3 100644 --- a/2019/9xxx/CVE-2019-9628.json +++ b/2019/9xxx/CVE-2019-9628.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9628", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9628", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file