From 5c5056be66e206f92b8b85bfbefc242d69df6bcf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:40:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0182.json | 430 +++++++++++++++++------------------ 2007/0xxx/CVE-2007-0299.json | 210 ++++++++--------- 2007/0xxx/CVE-2007-0553.json | 150 ++++++------ 2007/0xxx/CVE-2007-0619.json | 200 ++++++++-------- 2007/0xxx/CVE-2007-0783.json | 34 +-- 2007/0xxx/CVE-2007-0833.json | 140 ++++++------ 2007/1xxx/CVE-2007-1219.json | 160 ++++++------- 2007/1xxx/CVE-2007-1415.json | 420 +++++++++++++++++----------------- 2007/1xxx/CVE-2007-1613.json | 160 ++++++------- 2007/5xxx/CVE-2007-5247.json | 180 +++++++-------- 2007/5xxx/CVE-2007-5264.json | 170 +++++++------- 2007/5xxx/CVE-2007-5495.json | 180 +++++++-------- 2007/5xxx/CVE-2007-5654.json | 170 +++++++------- 2007/5xxx/CVE-2007-5782.json | 150 ++++++------ 2007/5xxx/CVE-2007-5922.json | 150 ++++++------ 2015/3xxx/CVE-2015-3379.json | 160 ++++++------- 2015/3xxx/CVE-2015-3389.json | 150 ++++++------ 2015/3xxx/CVE-2015-3402.json | 34 +-- 2015/3xxx/CVE-2015-3470.json | 34 +-- 2015/3xxx/CVE-2015-3659.json | 190 ++++++++-------- 2015/6xxx/CVE-2015-6247.json | 200 ++++++++-------- 2015/6xxx/CVE-2015-6521.json | 130 +++++------ 2015/6xxx/CVE-2015-6679.json | 240 +++++++++---------- 2015/7xxx/CVE-2015-7136.json | 34 +-- 2015/7xxx/CVE-2015-7319.json | 150 ++++++------ 2015/7xxx/CVE-2015-7889.json | 150 ++++++------ 2015/7xxx/CVE-2015-7932.json | 130 +++++------ 2015/8xxx/CVE-2015-8145.json | 34 +-- 2015/8xxx/CVE-2015-8301.json | 34 +-- 2015/8xxx/CVE-2015-8361.json | 150 ++++++------ 2015/8xxx/CVE-2015-8925.json | 220 +++++++++--------- 2016/0xxx/CVE-2016-0285.json | 130 +++++------ 2016/0xxx/CVE-2016-0549.json | 130 +++++------ 2016/0xxx/CVE-2016-0618.json | 130 +++++------ 2016/1xxx/CVE-2016-1285.json | 410 ++++++++++++++++----------------- 2016/1xxx/CVE-2016-1299.json | 120 +++++----- 2016/1xxx/CVE-2016-1520.json | 140 ++++++------ 2016/1xxx/CVE-2016-1742.json | 140 ++++++------ 2016/1xxx/CVE-2016-1805.json | 150 ++++++------ 2016/5xxx/CVE-2016-5968.json | 130 +++++------ 2019/0xxx/CVE-2019-0129.json | 122 +++++----- 2019/0xxx/CVE-2019-0316.json | 34 +-- 2019/0xxx/CVE-2019-0352.json | 34 +-- 2019/0xxx/CVE-2019-0649.json | 216 +++++++++--------- 2019/1xxx/CVE-2019-1400.json | 34 +-- 2019/1xxx/CVE-2019-1559.json | 230 +++++++++---------- 2019/1xxx/CVE-2019-1652.json | 188 +++++++-------- 2019/1xxx/CVE-2019-1838.json | 34 +-- 2019/4xxx/CVE-2019-4030.json | 178 +++++++-------- 2019/4xxx/CVE-2019-4147.json | 34 +-- 2019/4xxx/CVE-2019-4240.json | 34 +-- 2019/4xxx/CVE-2019-4663.json | 34 +-- 2019/5xxx/CVE-2019-5553.json | 34 +-- 2019/5xxx/CVE-2019-5878.json | 34 +-- 2019/5xxx/CVE-2019-5959.json | 34 +-- 2019/8xxx/CVE-2019-8084.json | 34 +-- 2019/8xxx/CVE-2019-8281.json | 34 +-- 2019/8xxx/CVE-2019-8923.json | 34 +-- 2019/8xxx/CVE-2019-8989.json | 34 +-- 2019/9xxx/CVE-2019-9018.json | 34 +-- 2019/9xxx/CVE-2019-9116.json | 120 +++++----- 2019/9xxx/CVE-2019-9388.json | 34 +-- 2019/9xxx/CVE-2019-9641.json | 130 +++++------ 63 files changed, 4076 insertions(+), 4076 deletions(-) diff --git a/2007/0xxx/CVE-2007-0182.json b/2007/0xxx/CVE-2007-0182.json index d9d0fb95b12..9e38a77995e 100644 --- a/2007/0xxx/CVE-2007-0182.json +++ b/2007/0xxx/CVE-2007-0182.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070108 magic photo storage website Multiple Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456389/100/0/threaded" - }, - { - "name" : "21965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21965" - }, - { - "name" : "32668", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32668" - }, - { - "name" : "33411", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33411" - }, - { - "name" : "33412", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33412" - }, - { - "name" : "33413", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33413" - }, - { - "name" : "33414", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33414" - }, - { - "name" : "33415", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33415" - }, - { - "name" : "33416", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33416" - }, - { - "name" : "33417", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33417" - }, - { - "name" : "33418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33418" - }, - { - "name" : "33419", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33419" - }, - { - "name" : "33420", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33420" - }, - { - "name" : "33421", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33421" - }, - { - "name" : "33422", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33422" - }, - { - "name" : "33423", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33423" - }, - { - "name" : "33425", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33425" - }, - { - "name" : "33426", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33426" - }, - { - "name" : "33427", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33427" - }, - { - "name" : "33428", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33428" - }, - { - "name" : "33429", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33429" - }, - { - "name" : "33430", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33430" - }, - { - "name" : "33431", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33431" - }, - { - "name" : "33433", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33433" - }, - { - "name" : "33435", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33435" - }, - { - "name" : "33436", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33436" - }, - { - "name" : "33437", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33437" - }, - { - "name" : "33438", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33438" - }, - { - "name" : "33439", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33439" - }, - { - "name" : "33432", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33432" - }, - { - "name" : "33434", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33434" - }, - { - "name" : "2136", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33419", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33419" + }, + { + "name": "33433", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33433" + }, + { + "name": "33436", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33436" + }, + { + "name": "33432", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33432" + }, + { + "name": "33430", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33430" + }, + { + "name": "33439", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33439" + }, + { + "name": "33426", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33426" + }, + { + "name": "32668", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32668" + }, + { + "name": "33413", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33413" + }, + { + "name": "33411", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33411" + }, + { + "name": "33415", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33415" + }, + { + "name": "33420", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33420" + }, + { + "name": "33438", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33438" + }, + { + "name": "33425", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33425" + }, + { + "name": "33418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33418" + }, + { + "name": "33427", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33427" + }, + { + "name": "2136", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2136" + }, + { + "name": "33434", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33434" + }, + { + "name": "20070108 magic photo storage website Multiple Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456389/100/0/threaded" + }, + { + "name": "33423", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33423" + }, + { + "name": "33417", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33417" + }, + { + "name": "33412", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33412" + }, + { + "name": "33421", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33421" + }, + { + "name": "33428", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33428" + }, + { + "name": "33422", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33422" + }, + { + "name": "21965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21965" + }, + { + "name": "33437", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33437" + }, + { + "name": "33414", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33414" + }, + { + "name": "33429", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33429" + }, + { + "name": "33435", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33435" + }, + { + "name": "33431", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33431" + }, + { + "name": "33416", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33416" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0299.json b/2007/0xxx/CVE-2007-0299.json index 45691045a30..234bdb63634 100644 --- a/2007/0xxx/CVE-2007-0299.json +++ b/2007/0xxx/CVE-2007-0299.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/moab/MOAB-11-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-11-01-2007.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "VU#515792", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/515792" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "31653", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31653" - }, - { - "name" : "1017751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017751" - }, - { - "name" : "23725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23725" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31653", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31653" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "1017751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017751" + }, + { + "name": "http://projects.info-pull.com/moab/MOAB-11-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-11-01-2007.html" + }, + { + "name": "VU#515792", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/515792" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "23725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23725" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0553.json b/2007/0xxx/CVE-2007-0553.json index 00154a9a928..ba4bce3f97f 100644 --- a/2007/0xxx/CVE-2007-0553.json +++ b/2007/0xxx/CVE-2007-0553.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693" - }, - { - "name" : "22255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22255" - }, - { - "name" : "ADV-2007-0348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0348" - }, - { - "name" : "36812", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693" + }, + { + "name": "ADV-2007-0348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0348" + }, + { + "name": "22255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22255" + }, + { + "name": "36812", + "refsource": "OSVDB", + "url": "http://osvdb.org/36812" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0619.json b/2007/0xxx/CVE-2007-0619.json index b064ca644e0..19cfb727642 100644 --- a/2007/0xxx/CVE-2007-0619.json +++ b/2007/0xxx/CVE-2007-0619.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468" - }, - { - "name" : "http://morte.jedrea.com/~jedwin/projects/chmlib/", - "refsource" : "CONFIRM", - "url" : "http://morte.jedrea.com/~jedwin/projects/chmlib/" - }, - { - "name" : "GLSA-200702-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200702-12.xml" - }, - { - "name" : "SUSE-SR:2007:003", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_3_sr.html" - }, - { - "name" : "22258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22258" - }, - { - "name" : "ADV-2007-0361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0361" - }, - { - "name" : "1017565", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017565" - }, - { - "name" : "23975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23975" - }, - { - "name" : "24335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017565", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017565" + }, + { + "name": "23975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23975" + }, + { + "name": "ADV-2007-0361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0361" + }, + { + "name": "SUSE-SR:2007:003", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_3_sr.html" + }, + { + "name": "22258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22258" + }, + { + "name": "24335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24335" + }, + { + "name": "20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468" + }, + { + "name": "GLSA-200702-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200702-12.xml" + }, + { + "name": "http://morte.jedrea.com/~jedwin/projects/chmlib/", + "refsource": "CONFIRM", + "url": "http://morte.jedrea.com/~jedwin/projects/chmlib/" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0783.json b/2007/0xxx/CVE-2007-0783.json index f2d50a752de..ffa234de055 100644 --- a/2007/0xxx/CVE-2007-0783.json +++ b/2007/0xxx/CVE-2007-0783.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0833.json b/2007/0xxx/CVE-2007-0833.json index c0a71cbecae..7eb2fd87116 100644 --- a/2007/0xxx/CVE-2007-0833.json +++ b/2007/0xxx/CVE-2007-0833.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation 5.5.3 34685, when the \"Enable copy and paste to and from this virtual machine\" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070203 Vmare workstation guest isolation weaknesses (clipboard transfer)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459140/100/0/threaded" - }, - { - "name" : "22413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22413" - }, - { - "name" : "33221", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation 5.5.3 34685, when the \"Enable copy and paste to and from this virtual machine\" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33221", + "refsource": "OSVDB", + "url": "http://osvdb.org/33221" + }, + { + "name": "20070203 Vmare workstation guest isolation weaknesses (clipboard transfer)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459140/100/0/threaded" + }, + { + "name": "22413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22413" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1219.json b/2007/1xxx/CVE-2007-1219.json index d2b9a007bdd..b86c72b8ca5 100644 --- a/2007/1xxx/CVE-2007-1219.json +++ b/2007/1xxx/CVE-2007-1219.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3382", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3382" - }, - { - "name" : "22739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22739" - }, - { - "name" : "ADV-2007-0778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0778" - }, - { - "name" : "34635", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34635" - }, - { - "name" : "admin-phorum-del-file-include(32719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34635", + "refsource": "OSVDB", + "url": "http://osvdb.org/34635" + }, + { + "name": "ADV-2007-0778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0778" + }, + { + "name": "22739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22739" + }, + { + "name": "3382", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3382" + }, + { + "name": "admin-phorum-del-file-include(32719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32719" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1415.json b/2007/1xxx/CVE-2007-1415.json index 343f8286e8c..6b819193af7 100644 --- a/2007/1xxx/CVE-2007-1415.json +++ b/2007/1xxx/CVE-2007-1415.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070310 [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462452/100/0/threaded" - }, - { - "name" : "3443", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3443" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv68-K-159-2007.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv68-K-159-2007.txt" - }, - { - "name" : "22895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22895" - }, - { - "name" : "ADV-2007-0917", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0917" - }, - { - "name" : "35101", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35101" - }, - { - "name" : "35102", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35102" - }, - { - "name" : "35103", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35103" - }, - { - "name" : "35104", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35104" - }, - { - "name" : "35105", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35105" - }, - { - "name" : "35106", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35106" - }, - { - "name" : "35107", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35107" - }, - { - "name" : "35108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35108" - }, - { - "name" : "35109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35109" - }, - { - "name" : "35110", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35110" - }, - { - "name" : "35111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35111" - }, - { - "name" : "35112", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35112" - }, - { - "name" : "35113", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35113" - }, - { - "name" : "35114", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35114" - }, - { - "name" : "35115", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35115" - }, - { - "name" : "35116", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35116" - }, - { - "name" : "35117", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35117" - }, - { - "name" : "35118", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35118" - }, - { - "name" : "35119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35119" - }, - { - "name" : "35120", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35120" - }, - { - "name" : "35121", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35121" - }, - { - "name" : "35122", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35122" - }, - { - "name" : "35123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35123" - }, - { - "name" : "35124", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35124" - }, - { - "name" : "35125", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/35125" - }, - { - "name" : "pmbservices-multiple-scripts-file-include(32890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35115", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35115" + }, + { + "name": "35111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35111" + }, + { + "name": "35116", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35116" + }, + { + "name": "35101", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35101" + }, + { + "name": "35105", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35105" + }, + { + "name": "35123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35123" + }, + { + "name": "35121", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35121" + }, + { + "name": "35103", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35103" + }, + { + "name": "35107", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35107" + }, + { + "name": "35106", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35106" + }, + { + "name": "3443", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3443" + }, + { + "name": "35125", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35125" + }, + { + "name": "35117", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35117" + }, + { + "name": "35112", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35112" + }, + { + "name": "35120", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35120" + }, + { + "name": "35124", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35124" + }, + { + "name": "35110", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35110" + }, + { + "name": "20070310 [ECHO_ADV_68$2007] PMB Services <= 3.0.13 Multiple Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462452/100/0/threaded" + }, + { + "name": "35108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35108" + }, + { + "name": "35114", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35114" + }, + { + "name": "35119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35119" + }, + { + "name": "22895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22895" + }, + { + "name": "ADV-2007-0917", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0917" + }, + { + "name": "35113", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35113" + }, + { + "name": "35118", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35118" + }, + { + "name": "35102", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35102" + }, + { + "name": "35104", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35104" + }, + { + "name": "35122", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35122" + }, + { + "name": "pmbservices-multiple-scripts-file-include(32890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32890" + }, + { + "name": "http://advisories.echo.or.id/adv/adv68-K-159-2007.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv68-K-159-2007.txt" + }, + { + "name": "35109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/35109" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1613.json b/2007/1xxx/CVE-2007-1613.json index 3a6a48f0348..0774eb4f00e 100644 --- a/2007/1xxx/CVE-2007-1613.json +++ b/2007/1xxx/CVE-2007-1613.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3503", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3503" - }, - { - "name" : "23009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23009" - }, - { - "name" : "ADV-2007-1008", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1008" - }, - { - "name" : "34278", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34278" - }, - { - "name" : "24576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3503", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3503" + }, + { + "name": "ADV-2007-1008", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1008" + }, + { + "name": "34278", + "refsource": "OSVDB", + "url": "http://osvdb.org/34278" + }, + { + "name": "24576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24576" + }, + { + "name": "23009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23009" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5247.json b/2007/5xxx/CVE-2007-5247.json index 800a3b36ed1..bcc241765a8 100644 --- a/2007/5xxx/CVE-2007-5247.json +++ b/2007/5xxx/CVE-2007-5247.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071001 Format string in F.E.A.R. 1.08 through PB", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481231/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/fearfspb-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/fearfspb-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/fearfspb.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/fearfspb.zip" - }, - { - "name" : "45530", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45530" - }, - { - "name" : "45531", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45531" - }, - { - "name" : "3197", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3197" - }, - { - "name" : "fear-punkbuster-format-string(36900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45530", + "refsource": "OSVDB", + "url": "http://osvdb.org/45530" + }, + { + "name": "http://aluigi.altervista.org/adv/fearfspb-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/fearfspb-adv.txt" + }, + { + "name": "http://aluigi.org/poc/fearfspb.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/fearfspb.zip" + }, + { + "name": "20071001 Format string in F.E.A.R. 1.08 through PB", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481231/100/0/threaded" + }, + { + "name": "3197", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3197" + }, + { + "name": "45531", + "refsource": "OSVDB", + "url": "http://osvdb.org/45531" + }, + { + "name": "fear-punkbuster-format-string(36900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36900" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5264.json b/2007/5xxx/CVE-2007-5264.json index a117585c4da..a823c28e016 100644 --- a/2007/5xxx/CVE-2007-5264.json +++ b/2007/5xxx/CVE-2007-5264.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071005 Multiple vulnerabilities in Dropteam 1.3.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481616/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/dropteamz-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/dropteamz-adv.txt" - }, - { - "name" : "25943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25943" - }, - { - "name" : "27107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27107" - }, - { - "name" : "3202", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3202" - }, - { - "name" : "dropteam-account-information-disclosure(36978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/dropteamz-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/dropteamz-adv.txt" + }, + { + "name": "20071005 Multiple vulnerabilities in Dropteam 1.3.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481616/100/0/threaded" + }, + { + "name": "dropteam-account-information-disclosure(36978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36978" + }, + { + "name": "25943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25943" + }, + { + "name": "27107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27107" + }, + { + "name": "3202", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3202" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5495.json b/2007/5xxx/CVE-2007-5495.json index bf2f82f30b5..63e337fa351 100644 --- a/2007/5xxx/CVE-2007-5495.json +++ b/2007/5xxx/CVE-2007-5495.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-5495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=288221", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=288221" - }, - { - "name" : "RHSA-2008:0061", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0061.html" - }, - { - "name" : "29320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29320" - }, - { - "name" : "oval:org.mitre.oval:def:9705", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705" - }, - { - "name" : "1020077", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020077" - }, - { - "name" : "30339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30339" - }, - { - "name" : "setroubleshoot-sealert-symlink(42591)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "setroubleshoot-sealert-symlink(42591)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42591" + }, + { + "name": "oval:org.mitre.oval:def:9705", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705" + }, + { + "name": "30339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30339" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=288221", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=288221" + }, + { + "name": "1020077", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020077" + }, + { + "name": "RHSA-2008:0061", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0061.html" + }, + { + "name": "29320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29320" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5654.json b/2007/5xxx/CVE-2007-5654.json index 90ea1c3173d..b113da26a42 100644 --- a/2007/5xxx/CVE-2007-5654.json +++ b/2007/5xxx/CVE-2007-5654.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a \"%00.\" sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka \"Mime Type Injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4556", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4556" - }, - { - "name" : "http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html", - "refsource" : "CONFIRM", - "url" : "http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html" - }, - { - "name" : "26163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26163" - }, - { - "name" : "41867", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41867" - }, - { - "name" : "27302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27302" - }, - { - "name" : "litespeed-mimetype-info-disclosure(37380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a \"%00.\" sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka \"Mime Type Injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html", + "refsource": "CONFIRM", + "url": "http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html" + }, + { + "name": "27302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27302" + }, + { + "name": "litespeed-mimetype-info-disclosure(37380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37380" + }, + { + "name": "41867", + "refsource": "OSVDB", + "url": "http://osvdb.org/41867" + }, + { + "name": "26163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26163" + }, + { + "name": "4556", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4556" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5782.json b/2007/5xxx/CVE-2007-5782.json index 7029de97f4d..e862a3f9ce1 100644 --- a/2007/5xxx/CVE-2007-5782.json +++ b/2007/5xxx/CVE-2007-5782.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4580", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4580" - }, - { - "name" : "26222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26222" - }, - { - "name" : "ADV-2007-3641", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3641" - }, - { - "name" : "fireconfig-dl-directory-traversal(38124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26222" + }, + { + "name": "4580", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4580" + }, + { + "name": "fireconfig-dl-directory-traversal(38124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38124" + }, + { + "name": "ADV-2007-3641", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3641" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5922.json b/2007/5xxx/CVE-2007-5922.json index 86c4ea0ea39..4295fa5dc6e 100644 --- a/2007/5xxx/CVE-2007-5922.json +++ b/2007/5xxx/CVE-2007-5922.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071106 Cypress BX script backdoored?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/483350/100/0/threaded" - }, - { - "name" : "26372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26372" - }, - { - "name" : "42073", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42073" - }, - { - "name" : "27556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071106 Cypress BX script backdoored?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/483350/100/0/threaded" + }, + { + "name": "27556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27556" + }, + { + "name": "26372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26372" + }, + { + "name": "42073", + "refsource": "OSVDB", + "url": "http://osvdb.org/42073" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3379.json b/2015/3xxx/CVE-2015-3379.json index 415279f3824..25a098146e3 100644 --- a/2015/3xxx/CVE-2015-3379.json +++ b/2015/3xxx/CVE-2015-3379.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150213 CVE requests for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/13/12" - }, - { - "name" : "https://www.drupal.org/node/2424403", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2424403" - }, - { - "name" : "https://www.drupal.org/node/2424097", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2424097" - }, - { - "name" : "https://www.drupal.org/node/2424101", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2424101" - }, - { - "name" : "https://www.drupal.org/node/2424103", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2424103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2424403", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2424403" + }, + { + "name": "https://www.drupal.org/node/2424103", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2424103" + }, + { + "name": "[oss-security] 20150213 CVE requests for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/13/12" + }, + { + "name": "https://www.drupal.org/node/2424101", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2424101" + }, + { + "name": "https://www.drupal.org/node/2424097", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2424097" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3389.json b/2015/3xxx/CVE-2015-3389.json index a9fc875e3a7..a8e0441168c 100644 --- a/2015/3xxx/CVE-2015-3389.json +++ b/2015/3xxx/CVE-2015-3389.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150205 CVE requests for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/05/16" - }, - { - "name" : "https://www.drupal.org/node/2420119", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2420119" - }, - { - "name" : "74271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74271" - }, - { - "name" : "publicdownload-drupal-downloadcount-xss(100653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2420119", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2420119" + }, + { + "name": "[oss-security] 20150205 CVE requests for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/05/16" + }, + { + "name": "74271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74271" + }, + { + "name": "publicdownload-drupal-downloadcount-xss(100653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100653" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3402.json b/2015/3xxx/CVE-2015-3402.json index d1deb76d020..114203e5758 100644 --- a/2015/3xxx/CVE-2015-3402.json +++ b/2015/3xxx/CVE-2015-3402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3402", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3402", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3470.json b/2015/3xxx/CVE-2015-3470.json index 8cbfe04e17b..bae6da262e5 100644 --- a/2015/3xxx/CVE-2015-3470.json +++ b/2015/3xxx/CVE-2015-3470.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3470", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3470", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3659.json b/2015/3xxx/CVE-2015-3659.json index b604c107706..b6e653864fb 100644 --- a/2015/3xxx/CVE-2015-3659.json +++ b/2015/3xxx/CVE-2015-3659.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT204941", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204941" - }, - { - "name" : "http://support.apple.com/kb/HT204950", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204950" - }, - { - "name" : "APPLE-SA-2015-06-30-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-06-30-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "75492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75492" - }, - { - "name" : "1032754", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT204941", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204941" + }, + { + "name": "http://support.apple.com/kb/HT204950", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204950" + }, + { + "name": "75492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75492" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "APPLE-SA-2015-06-30-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" + }, + { + "name": "APPLE-SA-2015-06-30-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html" + }, + { + "name": "1032754", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032754" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6247.json b/2015/6xxx/CVE-2015-6247.json index 06e8389d5f9..a448b46287a 100644 --- a/2015/6xxx/CVE-2015-6247.json +++ b/2015/6xxx/CVE-2015-6247.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2015-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2015-27.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=828358d22c6bcf0a1ade5b3ffaa8018a385bfc6c", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=828358d22c6bcf0a1ade5b3ffaa8018a385bfc6c" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3367", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3367" - }, - { - "name" : "FEDORA-2015-13945", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html" - }, - { - "name" : "FEDORA-2015-13946", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html" - }, - { - "name" : "openSUSE-SU-2015:1836", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html" - }, - { - "name" : "1033272", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-13945", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html" + }, + { + "name": "1033272", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033272" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=828358d22c6bcf0a1ade5b3ffaa8018a385bfc6c", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=828358d22c6bcf0a1ade5b3ffaa8018a385bfc6c" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11358" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2015-27.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2015-27.html" + }, + { + "name": "FEDORA-2015-13946", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html" + }, + { + "name": "DSA-3367", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3367" + }, + { + "name": "openSUSE-SU-2015:1836", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6521.json b/2015/6xxx/CVE-2015-6521.json index d0bd144f513..1c848fd7d32 100644 --- a/2015/6xxx/CVE-2015-6521.json +++ b/2015/6xxx/CVE-2015-6521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150818 Re: CVE Request: ATutor LMS Version 2.2 with stored XSS and file upload issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/19/1" - }, - { - "name" : "https://github.com/atutor/ATutor/issues/103", - "refsource" : "CONFIRM", - "url" : "https://github.com/atutor/ATutor/issues/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/atutor/ATutor/issues/103", + "refsource": "CONFIRM", + "url": "https://github.com/atutor/ATutor/issues/103" + }, + { + "name": "[oss-security] 20150818 Re: CVE Request: ATutor LMS Version 2.2 with stored XSS and file upload issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6679.json b/2015/6xxx/CVE-2015-6679.json index da4e20d3343..4e1bb552723 100644 --- a/2015/6xxx/CVE-2015-6679.json +++ b/2015/6xxx/CVE-2015-6679.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-6679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76806" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76806" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7136.json b/2015/7xxx/CVE-2015-7136.json index b5dc6681718..37962522bf5 100644 --- a/2015/7xxx/CVE-2015-7136.json +++ b/2015/7xxx/CVE-2015-7136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7136", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7136", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7319.json b/2015/7xxx/CVE-2015-7319.json index 2ac9480a20a..14fdac74f2c 100644 --- a/2015/7xxx/CVE-2015-7319.json +++ b/2015/7xxx/CVE-2015-7319.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536555/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8199", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8199" - }, - { - "name" : "https://wordpress.org/plugins/appointment-booking-calendar/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/appointment-booking-calendar/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/appointment-booking-calendar/changelog/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8199", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8199" + }, + { + "name": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html" + }, + { + "name": "20150926 CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536555/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7889.json b/2015/7xxx/CVE-2015-7889.json index 8b38ab245e9..be45ab3c368 100644 --- a/2015/7xxx/CVE-2015-7889.json +++ b/2015/7xxx/CVE-2015-7889.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38558", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38558/" - }, - { - "name" : "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1" - }, - { - "name" : "77339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77339" + }, + { + "name": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html" + }, + { + "name": "38558", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38558/" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7932.json b/2015/7xxx/CVE-2015-7932.json index dba80546a2d..d89abeadd3d 100644 --- a/2015/7xxx/CVE-2015-7932.json +++ b/2015/7xxx/CVE-2015-7932.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-7932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01" - }, - { - "name" : "79345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01" + }, + { + "name": "79345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79345" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8145.json b/2015/8xxx/CVE-2015-8145.json index a24dcfc8a7b..8dd02bb3921 100644 --- a/2015/8xxx/CVE-2015-8145.json +++ b/2015/8xxx/CVE-2015-8145.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8145", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8145", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8301.json b/2015/8xxx/CVE-2015-8301.json index 3952e416451..f6fe18e50c7 100644 --- a/2015/8xxx/CVE-2015-8301.json +++ b/2015/8xxx/CVE-2015-8301.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8301", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8301", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8361.json b/2015/8xxx/CVE-2015-8361.json index 5de3d65aa1b..f69644c8929 100644 --- a/2015/8xxx/CVE-2015-8361.json +++ b/2015/8xxx/CVE-2015-8361.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160122 January 2016 - Bamboo - Critical Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537347/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html" - }, - { - "name" : "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html" - }, - { - "name" : "https://jira.atlassian.com/browse/BAM-17102", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/BAM-17102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160122 January 2016 - Bamboo - Critical Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537347/100/0/threaded" + }, + { + "name": "https://jira.atlassian.com/browse/BAM-17102", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/BAM-17102" + }, + { + "name": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html" + }, + { + "name": "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8925.json b/2015/8xxx/CVE-2015-8925.json index 69b4f3362ac..a83a4d784dc 100644 --- a/2015/8xxx/CVE-2015-8925.json +++ b/2015/8xxx/CVE-2015-8925.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160617 Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/2" - }, - { - "name" : "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/17/5" - }, - { - "name" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", - "refsource" : "MISC", - "url" : "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" - }, - { - "name" : "https://github.com/libarchive/libarchive/issues/516", - "refsource" : "CONFIRM", - "url" : "https://github.com/libarchive/libarchive/issues/516" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3657", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3657" - }, - { - "name" : "GLSA-201701-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-03" - }, - { - "name" : "RHSA-2016:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html" - }, - { - "name" : "SUSE-SU-2016:1909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" - }, - { - "name" : "USN-3033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3033-1" - }, - { - "name" : "91306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3033-1" + }, + { + "name": "RHSA-2016:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html" + }, + { + "name": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html", + "refsource": "MISC", + "url": "https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "https://github.com/libarchive/libarchive/issues/516", + "refsource": "CONFIRM", + "url": "https://github.com/libarchive/libarchive/issues/516" + }, + { + "name": "SUSE-SU-2016:1909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html" + }, + { + "name": "91306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91306" + }, + { + "name": "[oss-security] 20160617 Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/2" + }, + { + "name": "GLSA-201701-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-03" + }, + { + "name": "[oss-security] 20160617 Re: Many invalid memory access issues in libarchive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/17/5" + }, + { + "name": "DSA-3657", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3657" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0285.json b/2016/0xxx/CVE-2016-0285.json index a5533f930ff..f2c6b40c0ca 100644 --- a/2016/0xxx/CVE-2016-0285.json +++ b/2016/0xxx/CVE-2016-0285.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991478", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991478" - }, - { - "name" : "94550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991478" + }, + { + "name": "94550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94550" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0549.json b/2016/0xxx/CVE-2016-0549.json index b5dc375eec4..29cf9d89b65 100644 --- a/2016/0xxx/CVE-2016-0549.json +++ b/2016/0xxx/CVE-2016-0549.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0548." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0548." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034726" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0618.json b/2016/0xxx/CVE-2016-0618.json index 309d92894eb..e03471aee7c 100644 --- a/2016/0xxx/CVE-2016-0618.json +++ b/2016/0xxx/CVE-2016-0618.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034735", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034735", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034735" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1285.json b/2016/1xxx/CVE-2016-1285.json index 18bda19e1c3..860cec072bd 100644 --- a/2016/1xxx/CVE-2016-1285.json +++ b/2016/1xxx/CVE-2016-1285.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/article/AA-01352", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01352" - }, - { - "name" : "https://kb.isc.org/article/AA-01380", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01380" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "https://kb.isc.org/article/AA-01438", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-01438" - }, - { - "name" : "DSA-3511", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3511" - }, - { - "name" : "FEDORA-2016-161b73fc2c", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html" - }, - { - "name" : "FEDORA-2016-364c0a9df4", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html" - }, - { - "name" : "FEDORA-2016-75f31fbb0a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html" - }, - { - "name" : "FEDORA-2016-dce6dbe6a8", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html" - }, - { - "name" : "FEDORA-2016-b593e84223", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html" - }, - { - "name" : "FEDORA-2016-5047abe4a9", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html" - }, - { - "name" : "FreeBSD-SA-16:13", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc" - }, - { - "name" : "GLSA-201610-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-07" - }, - { - "name" : "HPSBUX03583", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=146191105921542&w=2" - }, - { - "name" : "SSRT110084", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=146191105921542&w=2" - }, - { - "name" : "RHSA-2016:0601", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0601.html" - }, - { - "name" : "RHSA-2016:0562", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0562.html" - }, - { - "name" : "SUSE-SU-2016:1541", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html" - }, - { - "name" : "SUSE-SU-2016:0759", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html" - }, - { - "name" : "SUSE-SU-2016:0780", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html" - }, - { - "name" : "SUSE-SU-2016:0825", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html" - }, - { - "name" : "openSUSE-SU-2016:0827", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html" - }, - { - "name" : "openSUSE-SU-2016:0830", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html" - }, - { - "name" : "openSUSE-SU-2016:0834", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html" - }, - { - "name" : "openSUSE-SU-2016:0859", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html" - }, - { - "name" : "USN-2925-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2925-1" - }, - { - "name" : "1035236", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "FEDORA-2016-5047abe4a9", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html" + }, + { + "name": "DSA-3511", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3511" + }, + { + "name": "SUSE-SU-2016:0780", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html" + }, + { + "name": "FreeBSD-SA-16:13", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc" + }, + { + "name": "https://kb.isc.org/article/AA-01438", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01438" + }, + { + "name": "USN-2925-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2925-1" + }, + { + "name": "https://kb.isc.org/article/AA-01352", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01352" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "RHSA-2016:0562", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html" + }, + { + "name": "openSUSE-SU-2016:0830", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html" + }, + { + "name": "GLSA-201610-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-07" + }, + { + "name": "1035236", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035236" + }, + { + "name": "SUSE-SU-2016:1541", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html" + }, + { + "name": "FEDORA-2016-364c0a9df4", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html" + }, + { + "name": "openSUSE-SU-2016:0834", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html" + }, + { + "name": "HPSBUX03583", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=146191105921542&w=2" + }, + { + "name": "SUSE-SU-2016:0759", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html" + }, + { + "name": "https://kb.isc.org/article/AA-01380", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-01380" + }, + { + "name": "FEDORA-2016-dce6dbe6a8", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html" + }, + { + "name": "FEDORA-2016-b593e84223", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "SUSE-SU-2016:0825", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html" + }, + { + "name": "RHSA-2016:0601", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html" + }, + { + "name": "SSRT110084", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=146191105921542&w=2" + }, + { + "name": "openSUSE-SU-2016:0859", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html" + }, + { + "name": "FEDORA-2016-161b73fc2c", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html" + }, + { + "name": "openSUSE-SU-2016:0827", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html" + }, + { + "name": "FEDORA-2016-75f31fbb0a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1299.json b/2016/1xxx/CVE-2016-1299.json index 9959ce3a2b3..11645f00093 100644 --- a/2016/1xxx/CVE-2016-1299.json +++ b/2016/1xxx/CVE-2016-1299.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160127 Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160127 Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1520.json b/2016/1xxx/CVE-2016-1520.json index 8705f8e8aca..fc03ebed31f 100644 --- a/2016/1xxx/CVE-2016-1520.json +++ b/2016/1xxx/CVE-2016-1520.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160317 CVE-2016-1520: GrandStream Android VoIP App Update Redirection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537821/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html" - }, - { - "name" : "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136291/Grandstream-Wave-1.0.1.26-Update-Redirection.html" + }, + { + "name": "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf", + "refsource": "MISC", + "url": "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1520-app-update-redirection.pdf" + }, + { + "name": "20160317 CVE-2016-1520: GrandStream Android VoIP App Update Redirection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537821/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1742.json b/2016/1xxx/CVE-2016-1742.json index 5338d93ee7c..2697857ea36 100644 --- a/2016/1xxx/CVE-2016-1742.json +++ b/2016/1xxx/CVE-2016-1742.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206379", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206379" - }, - { - "name" : "APPLE-SA-2016-05-16-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00006.html" - }, - { - "name" : "1035887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-05-16-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00006.html" + }, + { + "name": "1035887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035887" + }, + { + "name": "https://support.apple.com/HT206379", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206379" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1805.json b/2016/1xxx/CVE-2016-1805.json index e15cfbfc257..d596bfdebf8 100644 --- a/2016/1xxx/CVE-2016-1805.json +++ b/2016/1xxx/CVE-2016-1805.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "90696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90696" - }, - { - "name" : "1035895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "90696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90696" + }, + { + "name": "1035895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035895" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5968.json b/2016/5xxx/CVE-2016-5968.json index b9802e88c7c..0f8ac795540 100644 --- a/2016/5xxx/CVE-2016-5968.json +++ b/2016/5xxx/CVE-2016-5968.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989374", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989374" - }, - { - "name" : "94516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94516" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989374", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989374" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0129.json b/2019/0xxx/CVE-2019-0129.json index be472e175c3..6268960abbb 100644 --- a/2019/0xxx/CVE-2019-0129.json +++ b/2019/0xxx/CVE-2019-0129.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2019-0129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) USB 3.0 Creator Utility", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2019-0129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) USB 3.0 Creator Utility", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00229.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00229.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00229.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00229.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0316.json b/2019/0xxx/CVE-2019-0316.json index ae0a5972ab9..e5fbd73c0cd 100644 --- a/2019/0xxx/CVE-2019-0316.json +++ b/2019/0xxx/CVE-2019-0316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0352.json b/2019/0xxx/CVE-2019-0352.json index f26d40757b4..f55a2616725 100644 --- a/2019/0xxx/CVE-2019-0352.json +++ b/2019/0xxx/CVE-2019-0352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0649.json b/2019/0xxx/CVE-2019-0649.json index d0a6b79cd4b..1f498c3a70a 100644 --- a/2019/0xxx/CVE-2019-0649.json +++ b/2019/0xxx/CVE-2019-0649.json @@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows Server 2019" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649" - }, - { - "name" : "106877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649" + }, + { + "name": "106877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106877" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1400.json b/2019/1xxx/CVE-2019-1400.json index bfad55ad67f..cc9390595b5 100644 --- a/2019/1xxx/CVE-2019-1400.json +++ b/2019/1xxx/CVE-2019-1400.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1400", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1400", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index e0a791d39fa..e7433d22fc3 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2019-02-26", - "ID" : "CVE-2019-1559", - "STATE" : "PUBLIC", - "TITLE" : "0-byte record padding oracle" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." - } - ] - }, - "impact" : [ - { - "lang" : "eng", - "url" : "https://www.openssl.org/policies/secpolicy.html#Moderate", - "value" : "Moderate" - } - ], - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Padding Oracle" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2019-02-26", + "ID": "CVE-2019-1559", + "STATE": "PUBLIC", + "TITLE": "0-byte record padding oracle" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" - }, - { - "name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", - "refsource" : "CONFIRM", - "url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" - }, - { - "name" : "https://www.openssl.org/news/secadv/20190226.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20190226.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190301-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190301-0002/" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190301-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190301-0001/" - }, - { - "name" : "DSA-4400", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4400" - }, - { - "name" : "GLSA-201903-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-10" - }, - { - "name" : "USN-3899-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3899-1/" - }, - { - "name" : "107174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107174" - } - ] - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." + } + ] + }, + "impact": [ + { + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", + "value": "Moderate" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Padding Oracle" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20190301-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190301-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" + }, + { + "name": "107174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107174" + }, + { + "name": "GLSA-201903-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-10" + }, + { + "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "refsource": "CONFIRM", + "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" + }, + { + "name": "USN-3899-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3899-1/" + }, + { + "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" + }, + { + "name": "https://www.openssl.org/news/secadv/20190226.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20190226.txt" + }, + { + "name": "DSA-4400", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4400" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1652.json b/2019/1xxx/CVE-2019-1652.json index 1183f72fd1c..227e3541eae 100644 --- a/2019/1xxx/CVE-2019-1652.json +++ b/2019/1xxx/CVE-2019-1652.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-23T16:00:00-0800", - "ID" : "CVE-2019-1652", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Small Business RV Series Router Firmware ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.2", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-23T16:00:00-0800", + "ID": "CVE-2019-1652", + "STATE": "PUBLIC", + "TITLE": "Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business RV Series Router Firmware ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46243", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46243/" - }, - { - "name" : "20190123 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject" - }, - { - "name" : "106728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106728" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190123-rv-inject", - "defect" : [ - [ - "CSCvm78058" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190123 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject" + }, + { + "name": "46243", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46243/" + }, + { + "name": "106728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106728" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190123-rv-inject", + "defect": [ + [ + "CSCvm78058" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1838.json b/2019/1xxx/CVE-2019-1838.json index 737ef62e217..860617821f0 100644 --- a/2019/1xxx/CVE-2019-1838.json +++ b/2019/1xxx/CVE-2019-1838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4030.json b/2019/4xxx/CVE-2019-4030.json index f94b8b0072e..e0dad5ee971 100644 --- a/2019/4xxx/CVE-2019-4030.json +++ b/2019/4xxx/CVE-2019-4030.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2019-03-04T00:00:00", - "ID" : "CVE-2019-4030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2019-03-04T00:00:00", + "ID": "CVE-2019-4030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10869406", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10869406" - }, - { - "name" : "ibm-websphere-cve20194030-xss(155946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10869406", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10869406" + }, + { + "name": "ibm-websphere-cve20194030-xss(155946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4147.json b/2019/4xxx/CVE-2019-4147.json index 377f943c7c9..2215a30b56d 100644 --- a/2019/4xxx/CVE-2019-4147.json +++ b/2019/4xxx/CVE-2019-4147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4147", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4147", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4240.json b/2019/4xxx/CVE-2019-4240.json index 03d216b5be2..f01f0e313b8 100644 --- a/2019/4xxx/CVE-2019-4240.json +++ b/2019/4xxx/CVE-2019-4240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4663.json b/2019/4xxx/CVE-2019-4663.json index 039e112f505..8d39f0d3b4b 100644 --- a/2019/4xxx/CVE-2019-4663.json +++ b/2019/4xxx/CVE-2019-4663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4663", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4663", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5553.json b/2019/5xxx/CVE-2019-5553.json index 2c6ff3935aa..9420448877c 100644 --- a/2019/5xxx/CVE-2019-5553.json +++ b/2019/5xxx/CVE-2019-5553.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5553", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5553", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5878.json b/2019/5xxx/CVE-2019-5878.json index 39d1787190d..4ab9a6a8d2b 100644 --- a/2019/5xxx/CVE-2019-5878.json +++ b/2019/5xxx/CVE-2019-5878.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5878", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5878", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5959.json b/2019/5xxx/CVE-2019-5959.json index 94880f2b5de..005066d0151 100644 --- a/2019/5xxx/CVE-2019-5959.json +++ b/2019/5xxx/CVE-2019-5959.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5959", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5959", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8084.json b/2019/8xxx/CVE-2019-8084.json index d7e21b44b32..089d277bf27 100644 --- a/2019/8xxx/CVE-2019-8084.json +++ b/2019/8xxx/CVE-2019-8084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8281.json b/2019/8xxx/CVE-2019-8281.json index 5dab9806d94..2c94b7dc738 100644 --- a/2019/8xxx/CVE-2019-8281.json +++ b/2019/8xxx/CVE-2019-8281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8923.json b/2019/8xxx/CVE-2019-8923.json index b05fb5d515f..1f5e8481e24 100644 --- a/2019/8xxx/CVE-2019-8923.json +++ b/2019/8xxx/CVE-2019-8923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8989.json b/2019/8xxx/CVE-2019-8989.json index 4c72a9de021..e2ca75a9ef0 100644 --- a/2019/8xxx/CVE-2019-8989.json +++ b/2019/8xxx/CVE-2019-8989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9018.json b/2019/9xxx/CVE-2019-9018.json index 89b3ec787f2..c02d2693bb0 100644 --- a/2019/9xxx/CVE-2019-9018.json +++ b/2019/9xxx/CVE-2019-9018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9018", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9018", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9116.json b/2019/9xxx/CVE-2019-9116.json index 1ea2417d909..86d7e629e2f 100644 --- a/2019/9xxx/CVE-2019-9116.json +++ b/2019/9xxx/CVE-2019-9116.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\\Temp\\sublime_text folder. NOTE: the vendor's position is \"This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SublimeTextIssues/Core/issues/2544", - "refsource" : "MISC", - "url" : "https://github.com/SublimeTextIssues/Core/issues/2544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\\Temp\\sublime_text folder. NOTE: the vendor's position is \"This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SublimeTextIssues/Core/issues/2544", + "refsource": "MISC", + "url": "https://github.com/SublimeTextIssues/Core/issues/2544" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9388.json b/2019/9xxx/CVE-2019-9388.json index f38ca9d2c6e..282cda97354 100644 --- a/2019/9xxx/CVE-2019-9388.json +++ b/2019/9xxx/CVE-2019-9388.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9388", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9388", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9641.json b/2019/9xxx/CVE-2019-9641.json index b4409ef16a2..32a24c5d691 100644 --- a/2019/9xxx/CVE-2019-9641.json +++ b/2019/9xxx/CVE-2019-9641.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=77509", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77509" - }, - { - "name" : "DSA-4403", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4403", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4403" + }, + { + "name": "https://bugs.php.net/bug.php?id=77509", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77509" + } + ] + } +} \ No newline at end of file