From 5eb4afe5b8238d8eabd2d63f9438b5a05ca4e747 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:41:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0227.json | 120 ++++++------- 1999/0xxx/CVE-1999-0407.json | 130 +++++++------- 2007/0xxx/CVE-2007-0282.json | 170 +++++++++--------- 2007/0xxx/CVE-2007-0549.json | 140 +++++++-------- 2007/0xxx/CVE-2007-0678.json | 160 ++++++++--------- 2007/0xxx/CVE-2007-0946.json | 220 +++++++++++------------ 2007/0xxx/CVE-2007-0962.json | 220 +++++++++++------------ 2007/0xxx/CVE-2007-0982.json | 150 ++++++++-------- 2007/1xxx/CVE-2007-1254.json | 160 ++++++++--------- 2007/1xxx/CVE-2007-1271.json | 200 ++++++++++----------- 2007/1xxx/CVE-2007-1408.json | 140 +++++++-------- 2007/1xxx/CVE-2007-1906.json | 210 +++++++++++----------- 2007/5xxx/CVE-2007-5132.json | 210 +++++++++++----------- 2007/5xxx/CVE-2007-5293.json | 200 ++++++++++----------- 2007/5xxx/CVE-2007-5594.json | 170 +++++++++--------- 2007/5xxx/CVE-2007-5843.json | 160 ++++++++--------- 2007/5xxx/CVE-2007-5965.json | 240 ++++++++++++------------- 2015/3xxx/CVE-2015-3620.json | 170 +++++++++--------- 2015/3xxx/CVE-2015-3774.json | 150 ++++++++-------- 2015/3xxx/CVE-2015-3803.json | 170 +++++++++--------- 2015/3xxx/CVE-2015-3928.json | 34 ++-- 2015/3xxx/CVE-2015-3998.json | 120 ++++++------- 2015/6xxx/CVE-2015-6080.json | 130 +++++++------- 2015/6xxx/CVE-2015-6214.json | 34 ++-- 2015/6xxx/CVE-2015-6264.json | 34 ++-- 2015/7xxx/CVE-2015-7508.json | 34 ++-- 2015/7xxx/CVE-2015-7623.json | 140 +++++++-------- 2015/7xxx/CVE-2015-7757.json | 34 ++-- 2015/8xxx/CVE-2015-8065.json | 180 +++++++++---------- 2015/8xxx/CVE-2015-8150.json | 140 +++++++-------- 2015/8xxx/CVE-2015-8343.json | 34 ++-- 2015/8xxx/CVE-2015-8466.json | 160 ++++++++--------- 2015/8xxx/CVE-2015-8514.json | 34 ++-- 2016/0xxx/CVE-2016-0152.json | 140 +++++++-------- 2016/0xxx/CVE-2016-0355.json | 176 +++++++++---------- 2016/0xxx/CVE-2016-0649.json | 330 +++++++++++++++++------------------ 2016/0xxx/CVE-2016-0812.json | 130 +++++++------- 2016/1xxx/CVE-2016-1003.json | 34 ++-- 2016/1xxx/CVE-2016-1173.json | 140 +++++++-------- 2016/5xxx/CVE-2016-5013.json | 130 +++++++------- 2016/5xxx/CVE-2016-5114.json | 190 ++++++++++---------- 2016/5xxx/CVE-2016-5169.json | 140 +++++++-------- 2016/5xxx/CVE-2016-5965.json | 34 ++-- 2019/0xxx/CVE-2019-0058.json | 34 ++-- 2019/0xxx/CVE-2019-0159.json | 34 ++-- 2019/0xxx/CVE-2019-0199.json | 34 ++-- 2019/0xxx/CVE-2019-0663.json | 282 +++++++++++++++--------------- 2019/0xxx/CVE-2019-0923.json | 34 ++-- 2019/1xxx/CVE-2019-1019.json | 34 ++-- 2019/1xxx/CVE-2019-1626.json | 34 ++-- 2019/1xxx/CVE-2019-1638.json | 200 ++++++++++----------- 2019/1xxx/CVE-2019-1753.json | 34 ++-- 2019/4xxx/CVE-2019-4124.json | 34 ++-- 2019/4xxx/CVE-2019-4383.json | 34 ++-- 2019/4xxx/CVE-2019-4409.json | 34 ++-- 2019/4xxx/CVE-2019-4657.json | 34 ++-- 2019/5xxx/CVE-2019-5718.json | 150 ++++++++-------- 2019/5xxx/CVE-2019-5948.json | 34 ++-- 2019/5xxx/CVE-2019-5966.json | 34 ++-- 2019/8xxx/CVE-2019-8205.json | 34 ++-- 2019/8xxx/CVE-2019-8302.json | 34 ++-- 2019/8xxx/CVE-2019-8438.json | 120 ++++++------- 2019/8xxx/CVE-2019-8555.json | 34 ++-- 2019/8xxx/CVE-2019-8665.json | 34 ++-- 2019/9xxx/CVE-2019-9016.json | 120 ++++++------- 2019/9xxx/CVE-2019-9661.json | 120 ++++++------- 2019/9xxx/CVE-2019-9686.json | 140 +++++++-------- 2019/9xxx/CVE-2019-9771.json | 130 +++++++------- 68 files changed, 3941 insertions(+), 3941 deletions(-) diff --git a/1999/0xxx/CVE-1999-0227.json b/1999/0xxx/CVE-1999-0227.json index 53172c7c816..bfce8fcb88c 100644 --- a/1999/0xxx/CVE-1999-0227.json +++ b/1999/0xxx/CVE-1999-0227.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "Q154087", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q154087", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0407.json b/1999/0xxx/CVE-1999-0407.json index 0d599a75de6..c9b60ee8cc4 100644 --- a/1999/0xxx/CVE-1999-0407.json +++ b/1999/0xxx/CVE-1999-0407.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91983486431506&w=2" - }, - { - "name" : "19990209 Re: IIS4 allows proxied password attacks over NetBIOS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=92000623021036&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91983486431506&w=2" + }, + { + "name": "19990209 Re: IIS4 allows proxied password attacks over NetBIOS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=92000623021036&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0282.json b/2007/0xxx/CVE-2007-0282.json index ca68c2b13af..05ac5ed7969 100644 --- a/2007/0xxx/CVE-2007-0282.json +++ b/2007/0xxx/CVE-2007-0282.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" - }, - { - "name" : "TA07-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" - }, - { - "name" : "22083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22083" - }, - { - "name" : "1017522", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017522" - }, - { - "name" : "23794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23794" - }, - { - "name" : "oracle-cpu-jan2007(31541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23794" + }, + { + "name": "22083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22083" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html" + }, + { + "name": "TA07-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html" + }, + { + "name": "oracle-cpu-jan2007(31541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541" + }, + { + "name": "1017522", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017522" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0549.json b/2007/0xxx/CVE-2007-0549.json index d1bcf8c606a..ff3ea7a2f20 100644 --- a/2007/0xxx/CVE-2007-0549.json +++ b/2007/0xxx/CVE-2007-0549.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070121 XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta )", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457611/100/0/threaded" - }, - { - "name" : "2212", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2212" - }, - { - "name" : "212cafeboard-list3-xss(31650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2212", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2212" + }, + { + "name": "212cafeboard-list3-xss(31650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31650" + }, + { + "name": "20070121 XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta )", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457611/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0678.json b/2007/0xxx/CVE-2007-0678.json index 36053fd16b0..7a2739d729f 100644 --- a/2007/0xxx/CVE-2007-0678.json +++ b/2007/0xxx/CVE-2007-0678.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3233", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3233" - }, - { - "name" : "22347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22347" - }, - { - "name" : "ADV-2007-0453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0453" - }, - { - "name" : "36041", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36041" - }, - { - "name" : "fullaspsite-windows-sql-injection(32020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fullaspsite-windows-sql-injection(32020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32020" + }, + { + "name": "22347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22347" + }, + { + "name": "ADV-2007-0453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0453" + }, + { + "name": "36041", + "refsource": "OSVDB", + "url": "http://osvdb.org/36041" + }, + { + "name": "3233", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3233" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0946.json b/2007/0xxx/CVE-2007-0946.json index 8254c598407..aef54a99366 100644 --- a/2007/0xxx/CVE-2007-0946.json +++ b/2007/0xxx/CVE-2007-0946.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two \"HTML Objects Memory Corruption Vulnerabilities\" and a different issue than CVE-2007-0947." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02214", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/468871/100/200/threaded" - }, - { - "name" : "SSRT071422", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/468871/100/200/threaded" - }, - { - "name" : "MS07-027", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" - }, - { - "name" : "TA07-128A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" - }, - { - "name" : "23770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23770" - }, - { - "name" : "ADV-2007-1712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1712" - }, - { - "name" : "34402", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34402" - }, - { - "name" : "oval:org.mitre.oval:def:1441", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1441" - }, - { - "name" : "1018019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018019" - }, - { - "name" : "23769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23769" - }, - { - "name" : "ie-html-memory-code-execution(33255)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two \"HTML Objects Memory Corruption Vulnerabilities\" and a different issue than CVE-2007-0947." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST02214", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" + }, + { + "name": "ADV-2007-1712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1712" + }, + { + "name": "34402", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34402" + }, + { + "name": "23770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23770" + }, + { + "name": "1018019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018019" + }, + { + "name": "SSRT071422", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/468871/100/200/threaded" + }, + { + "name": "MS07-027", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027" + }, + { + "name": "23769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23769" + }, + { + "name": "ie-html-memory-code-execution(33255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33255" + }, + { + "name": "TA07-128A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-128A.html" + }, + { + "name": "oval:org.mitre.oval:def:1441", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1441" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0962.json b/2007/0xxx/CVE-2007-0962.json index a52eeeec518..618bbdc1d18 100644 --- a/2007/0xxx/CVE-2007-0962.json +++ b/2007/0xxx/CVE-2007-0962.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml" - }, - { - "name" : "20070214 Multiple Vulnerabilities in Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml" - }, - { - "name" : "22562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22562" - }, - { - "name" : "22561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22561" - }, - { - "name" : "ADV-2007-0608", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0608" - }, - { - "name" : "33055", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33055" - }, - { - "name" : "1017651", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017651" - }, - { - "name" : "1017652", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017652" - }, - { - "name" : "24160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24160" - }, - { - "name" : "24180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24180" - }, - { - "name" : "cisco-pix-asa-http-dos(32486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0608", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0608" + }, + { + "name": "24180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24180" + }, + { + "name": "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml" + }, + { + "name": "1017651", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017651" + }, + { + "name": "22561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22561" + }, + { + "name": "cisco-pix-asa-http-dos(32486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486" + }, + { + "name": "33055", + "refsource": "OSVDB", + "url": "http://osvdb.org/33055" + }, + { + "name": "22562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22562" + }, + { + "name": "24160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24160" + }, + { + "name": "20070214 Multiple Vulnerabilities in Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml" + }, + { + "name": "1017652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017652" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0982.json b/2007/0xxx/CVE-2007-0982.json index 904731b900e..cc2d4342be7 100644 --- a/2007/0xxx/CVE-2007-0982.json +++ b/2007/0xxx/CVE-2007-0982.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.taskfreak.com/versions.html", - "refsource" : "MISC", - "url" : "http://www.taskfreak.com/versions.html" - }, - { - "name" : "22537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22537" - }, - { - "name" : "33120", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33120" - }, - { - "name" : "24123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24123" + }, + { + "name": "33120", + "refsource": "OSVDB", + "url": "http://osvdb.org/33120" + }, + { + "name": "http://www.taskfreak.com/versions.html", + "refsource": "MISC", + "url": "http://www.taskfreak.com/versions.html" + }, + { + "name": "22537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22537" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1254.json b/2007/1xxx/CVE-2007-1254.json index 5c0ca9496a5..7bb0266be34 100644 --- a/2007/1xxx/CVE-2007-1254.json +++ b/2007/1xxx/CVE-2007-1254.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460947/100/0/threaded" - }, - { - "name" : "3352", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3352" - }, - { - "name" : "33537", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33537" - }, - { - "name" : "24255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24255" - }, - { - "name" : "2364", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24255" + }, + { + "name": "2364", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2364" + }, + { + "name": "20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460947/100/0/threaded" + }, + { + "name": "33537", + "refsource": "OSVDB", + "url": "http://osvdb.org/33537" + }, + { + "name": "3352", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3352" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1271.json b/2007/1xxx/CVE-2007-1271.json index 349bbad4671..4c4f8d5508b 100644 --- a/2007/1xxx/CVE-2007-1271.json +++ b/2007/1xxx/CVE-2007-1271.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html" - }, - { - "name" : "23322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23322" - }, - { - "name" : "oval:org.mitre.oval:def:5552", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5552" - }, - { - "name" : "ADV-2007-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1267" - }, - { - "name" : "1017875", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017875" - }, - { - "name" : "24788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24788" - }, - { - "name" : "2524", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017875", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017875" + }, + { + "name": "23322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23322" + }, + { + "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" + }, + { + "name": "ADV-2007-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1267" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html" + }, + { + "name": "24788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24788" + }, + { + "name": "oval:org.mitre.oval:def:5552", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5552" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html" + }, + { + "name": "2524", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2524" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1408.json b/2007/1xxx/CVE-2007-1408.json index ae5a70831b8..fb6d26f5054 100644 --- a/2007/1xxx/CVE-2007-1408.json +++ b/2007/1xxx/CVE-2007-1408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru2/bank.php?r1=910&r2=918", - "refsource" : "MISC", - "url" : "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru2/bank.php?r1=910&r2=918" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=672237", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=672237" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=491871&group_id=118350", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=491871&group_id=118350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru2/bank.php?r1=910&r2=918", + "refsource": "MISC", + "url": "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru2/bank.php?r1=910&r2=918" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=491871&group_id=118350", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=491871&group_id=118350" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=672237", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=672237" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1906.json b/2007/1xxx/CVE-2007-1906.json index e88ca4a89a7..a500dfe33ff 100644 --- a/2007/1xxx/CVE-2007-1906.json +++ b/2007/1xxx/CVE-2007-1906.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070409 Hot Editor v4.0 Local File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465094/100/0/threaded" - }, - { - "name" : "20070409 Mybb Hot Editor Plugin Local File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465092/100/0/threaded" - }, - { - "name" : "http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html", - "refsource" : "MISC", - "url" : "http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html" - }, - { - "name" : "http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html", - "refsource" : "MISC", - "url" : "http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html" - }, - { - "name" : "23377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23377" - }, - { - "name" : "ADV-2007-1315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1315" - }, - { - "name" : "34776", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34776" - }, - { - "name" : "24825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24825" - }, - { - "name" : "2533", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2533" - }, - { - "name" : "hoteditor-keyboard-file-include(33521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1315" + }, + { + "name": "23377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23377" + }, + { + "name": "24825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24825" + }, + { + "name": "34776", + "refsource": "OSVDB", + "url": "http://osvdb.org/34776" + }, + { + "name": "http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html", + "refsource": "MISC", + "url": "http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html" + }, + { + "name": "20070409 Mybb Hot Editor Plugin Local File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465092/100/0/threaded" + }, + { + "name": "http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html", + "refsource": "MISC", + "url": "http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html" + }, + { + "name": "20070409 Hot Editor v4.0 Local File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465094/100/0/threaded" + }, + { + "name": "hoteditor-keyboard-file-include(33521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33521" + }, + { + "name": "2533", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2533" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5132.json b/2007/5xxx/CVE-2007-5132.json index 68441aa73c3..ab32ba2c3c8 100644 --- a/2007/5xxx/CVE-2007-5132.json +++ b/2007/5xxx/CVE-2007-5132.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to \"the handling of thread contexts.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-403.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-403.htm" - }, - { - "name" : "103084", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103084-1" - }, - { - "name" : "25821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25821" - }, - { - "name" : "ADV-2007-3274", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3274" - }, - { - "name" : "37712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37712" - }, - { - "name" : "oval:org.mitre.oval:def:2214", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2214" - }, - { - "name" : "1018744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018744" - }, - { - "name" : "27059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27059" - }, - { - "name" : "26950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26950" - }, - { - "name" : "solaris-thread-contexts-dos(36793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to \"the handling of thread contexts.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2214", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2214" + }, + { + "name": "25821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25821" + }, + { + "name": "27059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27059" + }, + { + "name": "solaris-thread-contexts-dos(36793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36793" + }, + { + "name": "1018744", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018744" + }, + { + "name": "26950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26950" + }, + { + "name": "103084", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103084-1" + }, + { + "name": "ADV-2007-3274", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3274" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-403.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-403.htm" + }, + { + "name": "37712", + "refsource": "OSVDB", + "url": "http://osvdb.org/37712" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5293.json b/2007/5xxx/CVE-2007-5293.json index 498f325b2fc..1d50b961205 100644 --- a/2007/5xxx/CVE-2007-5293.json +++ b/2007/5xxx/CVE-2007-5293.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071006 idmos-phoenix cms Remote File inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481682/100/0/threaded" - }, - { - "name" : "4495", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4495" - }, - { - "name" : "25950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25950" - }, - { - "name" : "ADV-2007-3433", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3433" - }, - { - "name" : "38631", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38631" - }, - { - "name" : "38632", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38632" - }, - { - "name" : "3205", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3205" - }, - { - "name" : "idmos-error-xss(36997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36997" - }, - { - "name" : "idmos-ia-xss(36999)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4495", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4495" + }, + { + "name": "20071006 idmos-phoenix cms Remote File inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481682/100/0/threaded" + }, + { + "name": "3205", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3205" + }, + { + "name": "idmos-error-xss(36997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36997" + }, + { + "name": "idmos-ia-xss(36999)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36999" + }, + { + "name": "38632", + "refsource": "OSVDB", + "url": "http://osvdb.org/38632" + }, + { + "name": "ADV-2007-3433", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3433" + }, + { + "name": "25950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25950" + }, + { + "name": "38631", + "refsource": "OSVDB", + "url": "http://osvdb.org/38631" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5594.json b/2007/5xxx/CVE-2007-5594.json index 77dee6a1cfe..06ec919fdea 100644 --- a/2007/5xxx/CVE-2007-5594.json +++ b/2007/5xxx/CVE-2007-5594.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/184348", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/184348" - }, - { - "name" : "FEDORA-2007-2649", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html" - }, - { - "name" : "26119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26119" - }, - { - "name" : "27290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27290" - }, - { - "name" : "27352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27352" - }, - { - "name" : "drupal-http-request-csrf(37268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/184348", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/184348" + }, + { + "name": "drupal-http-request-csrf(37268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37268" + }, + { + "name": "FEDORA-2007-2649", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html" + }, + { + "name": "27352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27352" + }, + { + "name": "27290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27290" + }, + { + "name": "26119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26119" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5843.json b/2007/5xxx/CVE-2007-5843.json index 9c41b1c5dcc..70a61dc5a8b 100644 --- a/2007/5xxx/CVE-2007-5843.json +++ b/2007/5xxx/CVE-2007-5843.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4604", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4604" - }, - { - "name" : "26316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26316" - }, - { - "name" : "ADV-2007-3751", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3751" - }, - { - "name" : "38480", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38480" - }, - { - "name" : "scwiki-common-file-include(38251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38480", + "refsource": "OSVDB", + "url": "http://osvdb.org/38480" + }, + { + "name": "ADV-2007-3751", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3751" + }, + { + "name": "4604", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4604" + }, + { + "name": "scwiki-common-file-include(38251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38251" + }, + { + "name": "26316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26316" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5965.json b/2007/5xxx/CVE-2007-5965.json index 27f8a9471e0..500c7707a73 100644 --- a/2007/5xxx/CVE-2007-5965.json +++ b/2007/5xxx/CVE-2007-5965.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-5965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=427232", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=427232" - }, - { - "name" : "http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220", - "refsource" : "CONFIRM", - "url" : "http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220" - }, - { - "name" : "FEDORA-2007-4285", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00005.html" - }, - { - "name" : "FEDORA-2007-4354", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00131.html" - }, - { - "name" : "MDVSA-2008:042", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:042" - }, - { - "name" : "SUSE-SR:2008:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" - }, - { - "name" : "USN-579-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-579-1" - }, - { - "name" : "27112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27112" - }, - { - "name" : "ADV-2008-0018", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0018" - }, - { - "name" : "28228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28228" - }, - { - "name" : "28321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28321" - }, - { - "name" : "28636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28636" - }, - { - "name" : "28999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2007-4354", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00131.html" + }, + { + "name": "28999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28999" + }, + { + "name": "SUSE-SR:2008:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html" + }, + { + "name": "27112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27112" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=427232", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427232" + }, + { + "name": "FEDORA-2007-4285", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00005.html" + }, + { + "name": "28228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28228" + }, + { + "name": "MDVSA-2008:042", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:042" + }, + { + "name": "ADV-2008-0018", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0018" + }, + { + "name": "USN-579-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-579-1" + }, + { + "name": "28636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28636" + }, + { + "name": "http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220", + "refsource": "CONFIRM", + "url": "http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220" + }, + { + "name": "28321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28321" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3620.json b/2015/3xxx/CVE-2015-3620.json index a1c6479da68..b15a41448f0 100644 --- a/2015/3xxx/CVE-2015-3620.json +++ b/2015/3xxx/CVE-2015-3620.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535452/100/0/threaded" - }, - { - "name" : "20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/May/13" - }, - { - "name" : "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.fortiguard.com/advisory/FG-IR-15-005/", - "refsource" : "CONFIRM", - "url" : "http://www.fortiguard.com/advisory/FG-IR-15-005/" - }, - { - "name" : "74646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74646" - }, - { - "name" : "1032262", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/", + "refsource": "CONFIRM", + "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/" + }, + { + "name": "20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/May/13" + }, + { + "name": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html" + }, + { + "name": "20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded" + }, + { + "name": "74646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74646" + }, + { + "name": "1032262", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032262" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3774.json b/2015/3xxx/CVE-2015-3774.json index 7fe20b33e0f..859a55a3e81 100644 --- a/2015/3xxx/CVE-2015-3774.json +++ b/2015/3xxx/CVE-2015-3774.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "76340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76340" - }, - { - "name" : "1033276", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76340" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "1033276", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033276" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3803.json b/2015/3xxx/CVE-2015-3803.json index 5da6263ed9e..b9617d2eb5a 100644 --- a/2015/3xxx/CVE-2015-3803.json +++ b/2015/3xxx/CVE-2015-3803.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76343" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3928.json b/2015/3xxx/CVE-2015-3928.json index 25c80d41b3b..ee3141401d5 100644 --- a/2015/3xxx/CVE-2015-3928.json +++ b/2015/3xxx/CVE-2015-3928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3998.json b/2015/3xxx/CVE-2015-3998.json index d72005e6c03..493c959c4c7 100644 --- a/2015/3xxx/CVE-2015-3998.json +++ b/2015/3xxx/CVE-2015-3998.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=119", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisory.php?v=119", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=119" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6080.json b/2015/6xxx/CVE-2015-6080.json index 0f584714d52..4e973edddf9 100644 --- a/2015/6xxx/CVE-2015-6080.json +++ b/2015/6xxx/CVE-2015-6080.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6082." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-112", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112" - }, - { - "name" : "1034112", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6082." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034112", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034112" + }, + { + "name": "MS15-112", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6214.json b/2015/6xxx/CVE-2015-6214.json index f5db7222a61..7db717e5308 100644 --- a/2015/6xxx/CVE-2015-6214.json +++ b/2015/6xxx/CVE-2015-6214.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6214", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6214", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6264.json b/2015/6xxx/CVE-2015-6264.json index 0b5c5d61616..0fda2e03164 100644 --- a/2015/6xxx/CVE-2015-6264.json +++ b/2015/6xxx/CVE-2015-6264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6264", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1349. Reason: This candidate is a reservation duplicate of CVE-2016-1349. Notes: All CVE users should reference CVE-2016-1349 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6264", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1349. Reason: This candidate is a reservation duplicate of CVE-2016-1349. Notes: All CVE users should reference CVE-2016-1349 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7508.json b/2015/7xxx/CVE-2015-7508.json index d2534369046..d865b25f191 100644 --- a/2015/7xxx/CVE-2015-7508.json +++ b/2015/7xxx/CVE-2015-7508.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7508", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7508", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7623.json b/2015/7xxx/CVE-2015-7623.json index 30abd53e9a8..b5b44d045b5 100644 --- a/2015/7xxx/CVE-2015-7623.json +++ b/2015/7xxx/CVE-2015-7623.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, and CVE-2015-7620." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-7623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-510", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-510" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, and CVE-2015-7620." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-510", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-510" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7757.json b/2015/7xxx/CVE-2015-7757.json index b18ffc49f40..bc25e6dd41e 100644 --- a/2015/7xxx/CVE-2015-7757.json +++ b/2015/7xxx/CVE-2015-7757.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7757", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7757", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8065.json b/2015/8xxx/CVE-2015-8065.json index ead7f1e4d3c..ff000be8880 100644 --- a/2015/8xxx/CVE-2015-8065.json +++ b/2015/8xxx/CVE-2015-8065.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-8065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" - }, - { - "name" : "GLSA-201601-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201601-03" - }, - { - "name" : "SUSE-SU-2015:2236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" - }, - { - "name" : "SUSE-SU-2015:2247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:2239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" - }, - { - "name" : "78715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78715" - }, - { - "name" : "1034318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:2239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html" + }, + { + "name": "78715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78715" + }, + { + "name": "SUSE-SU-2015:2236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html" + }, + { + "name": "SUSE-SU-2015:2247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html" + }, + { + "name": "1034318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034318" + }, + { + "name": "GLSA-201601-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201601-03" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8150.json b/2015/8xxx/CVE-2015-8150.json index ba2884a0c1a..5a6ef1deb2d 100644 --- a/2015/8xxx/CVE-2015-8150.json +++ b/2015/8xxx/CVE-2015-8150.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2015-8150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00" - }, - { - "name" : "83269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83269" - }, - { - "name" : "1035063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035063" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160218_00" + }, + { + "name": "83269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83269" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8343.json b/2015/8xxx/CVE-2015-8343.json index 531b144009c..f63a9f80321 100644 --- a/2015/8xxx/CVE-2015-8343.json +++ b/2015/8xxx/CVE-2015-8343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8466.json b/2015/8xxx/CVE-2015-8466.json index 98116a770ce..530bf8eeb5b 100644 --- a/2015/8xxx/CVE-2015-8466.json +++ b/2015/8xxx/CVE-2015-8466.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/swift3/+bug/1497424", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift3/+bug/1497424" - }, - { - "name" : "https://github.com/openstack/swift3/blob/master/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/swift3/blob/master/CHANGELOG" - }, - { - "name" : "https://swiftstack.com/docs/admin/release.html", - "refsource" : "CONFIRM", - "url" : "https://swiftstack.com/docs/admin/release.html" - }, - { - "name" : "DSA-3583", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3583" - }, - { - "name" : "FEDORA-2015-1ca595f821", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174374.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3583", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3583" + }, + { + "name": "https://swiftstack.com/docs/admin/release.html", + "refsource": "CONFIRM", + "url": "https://swiftstack.com/docs/admin/release.html" + }, + { + "name": "https://bugs.launchpad.net/swift3/+bug/1497424", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift3/+bug/1497424" + }, + { + "name": "https://github.com/openstack/swift3/blob/master/CHANGELOG", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/swift3/blob/master/CHANGELOG" + }, + { + "name": "FEDORA-2015-1ca595f821", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174374.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8514.json b/2015/8xxx/CVE-2015-8514.json index 0266fe9e71a..cf6a070934e 100644 --- a/2015/8xxx/CVE-2015-8514.json +++ b/2015/8xxx/CVE-2015-8514.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8514", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8514", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0152.json b/2016/0xxx/CVE-2016-0152.json index 47a34557401..5395a655f11 100644 --- a/2016/0xxx/CVE-2016-0152.json +++ b/2016/0xxx/CVE-2016-0152.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows DLL Loading Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-058" - }, - { - "name" : "90020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90020" - }, - { - "name" : "1035834", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows DLL Loading Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035834", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035834" + }, + { + "name": "90020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90020" + }, + { + "name": "MS16-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-058" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0355.json b/2016/0xxx/CVE-2016-0355.json index 8391c1b5338..e22d487dcfc 100644 --- a/2016/0xxx/CVE-2016-0355.json +++ b/2016/0xxx/CVE-2016-0355.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-23T00:00:00", - "ID" : "CVE-2016-0355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-23T00:00:00", + "ID": "CVE-2016-0355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/111894", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/111894" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439" - }, - { - "name" : "100599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100599" - }, - { - "name" : "1039231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100599" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111894", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111894" + }, + { + "name": "1039231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039231" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006439", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0649.json b/2016/0xxx/CVE-2016-0649.json index 49bc20059b4..cfd92b5efbb 100644 --- a/2016/0xxx/CVE-2016-0649.json +++ b/2016/0xxx/CVE-2016-0649.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "DSA-3595", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3595" - }, - { - "name" : "DSA-3557", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3557" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "RHSA-2016:1602", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1602.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "openSUSE-SU-2016:1686", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html" - }, - { - "name" : "SUSE-SU-2016:1619", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:1620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:1664", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html" - }, - { - "name" : "SUSE-SU-2016:1279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:1332", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html" - }, - { - "name" : "USN-2953-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2953-1" - }, - { - "name" : "86498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86498" - }, - { - "name" : "1035606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html" + }, + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-5548-release-notes/" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "1035606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035606" + }, + { + "name": "86498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86498" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "USN-2953-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2953-1" + }, + { + "name": "openSUSE-SU-2016:1332", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/" + }, + { + "name": "SUSE-SU-2016:1619", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html" + }, + { + "name": "RHSA-2016:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html" + }, + { + "name": "openSUSE-SU-2016:1664", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168" + }, + { + "name": "DSA-3557", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3557" + }, + { + "name": "RHSA-2016:1602", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1602.html" + }, + { + "name": "DSA-3595", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3595" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "openSUSE-SU-2016:1686", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + }, + { + "name": "SUSE-SU-2016:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0812.json b/2016/0xxx/CVE-2016-0812.json index ce8e8e793bc..ab8464d4ceb 100644 --- a/2016/0xxx/CVE-2016-0812.json +++ b/2016/0xxx/CVE-2016-0812.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-02-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-02-01.html" - }, - { - "name" : "https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541" + }, + { + "name": "http://source.android.com/security/bulletin/2016-02-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1003.json b/2016/1xxx/CVE-2016-1003.json index 0437d54e5ff..2e839e97f9f 100644 --- a/2016/1xxx/CVE-2016-1003.json +++ b/2016/1xxx/CVE-2016-1003.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1003", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-1003", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1173.json b/2016/1xxx/CVE-2016-1173.json index fae62a460a5..75e33c84c0d 100644 --- a/2016/1xxx/CVE-2016-1173.json +++ b/2016/1xxx/CVE-2016-1173.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hiniarata.jp/news/archives/55", - "refsource" : "CONFIRM", - "url" : "https://hiniarata.jp/news/archives/55" - }, - { - "name" : "JVN#26627848", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN26627848/index.html" - }, - { - "name" : "JVNDB-2016-000042", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#26627848", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN26627848/index.html" + }, + { + "name": "https://hiniarata.jp/news/archives/55", + "refsource": "CONFIRM", + "url": "https://hiniarata.jp/news/archives/55" + }, + { + "name": "JVNDB-2016-000042", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000042" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5013.json b/2016/5xxx/CVE-2016-5013.json index a24bbe3c47f..3f9fb415465 100644 --- a/2016/5xxx/CVE-2016-5013.json +++ b/2016/5xxx/CVE-2016-5013.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=336698", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=336698" - }, - { - "name" : "92040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=336698", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=336698" + }, + { + "name": "92040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92040" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5114.json b/2016/5xxx/CVE-2016-5114.json index e5ab6264a23..c93a4a165d0 100644 --- a/2016/5xxx/CVE-2016-5114.json +++ b/2016/5xxx/CVE-2016-5114.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160528 Re: Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/29/1" - }, - { - "name" : "http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine", - "refsource" : "MISC", - "url" : "http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine" - }, - { - "name" : "http://github.com/php/php-src/commit/2721a0148649e07ed74468f097a28899741eb58f?w=1", - "refsource" : "CONFIRM", - "url" : "http://github.com/php/php-src/commit/2721a0148649e07ed74468f097a28899741eb58f?w=1" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70755", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70755" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/bug.php?id=70755", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70755" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "[oss-security] 20160528 Re: Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/29/1" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" + }, + { + "name": "http://github.com/php/php-src/commit/2721a0148649e07ed74468f097a28899741eb58f?w=1", + "refsource": "CONFIRM", + "url": "http://github.com/php/php-src/commit/2721a0148649e07ed74468f097a28899741eb58f?w=1" + }, + { + "name": "http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine", + "refsource": "MISC", + "url": "http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5169.json b/2016/5xxx/CVE-2016-5169.json index 775cb748f06..291ca038111 100644 --- a/2016/5xxx/CVE-2016-5169.json +++ b/2016/5xxx/CVE-2016-5169.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=635879", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=635879" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-chrome-os_9.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-chrome-os_9.html" - }, - { - "name" : "92914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92914" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-chrome-os_9.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-chrome-os_9.html" + }, + { + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=635879", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=635879" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5965.json b/2016/5xxx/CVE-2016-5965.json index 677364146ef..cfd52498946 100644 --- a/2016/5xxx/CVE-2016-5965.json +++ b/2016/5xxx/CVE-2016-5965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5965", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5965", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0058.json b/2019/0xxx/CVE-2019-0058.json index 592f49d348b..29cbd3c7af7 100644 --- a/2019/0xxx/CVE-2019-0058.json +++ b/2019/0xxx/CVE-2019-0058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0159.json b/2019/0xxx/CVE-2019-0159.json index 45a6884194b..e3e212970a7 100644 --- a/2019/0xxx/CVE-2019-0159.json +++ b/2019/0xxx/CVE-2019-0159.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0159", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0159", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 2403f064df9..644c66e5f60 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0199", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0663.json b/2019/0xxx/CVE-2019-0663.json index d673f8b931a..96ea63f7574 100644 --- a/2019/0xxx/CVE-2019-0663.json +++ b/2019/0xxx/CVE-2019-0663.json @@ -1,143 +1,143 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "8.1 for 32-bit systems" - }, - { - "version_value" : "8.1 for x64-based systems" - }, - { - "version_value" : "RT 8.1" - }, - { - "version_value" : "10 for 32-bit Systems" - }, - { - "version_value" : "10 for x64-based Systems" - }, - { - "version_value" : "10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "10 Version 1709 for ARM64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server", - "version" : { - "version_data" : [ - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value" : "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "2012" - }, - { - "version_value" : "2012 (Core installation)" - }, - { - "version_value" : "2012 R2" - }, - { - "version_value" : "2012 R2 (Core installation)" - }, - { - "version_value" : "2016" - }, - { - "version_value" : "2016 (Core installation)" - }, - { - "version_value" : "version 1709 (Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "version 1709 (Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0663", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0663" - }, - { - "name" : "107098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0663", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0663" + }, + { + "name": "107098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107098" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0923.json b/2019/0xxx/CVE-2019-0923.json index 11c2ceea5c7..1ae94331c02 100644 --- a/2019/0xxx/CVE-2019-0923.json +++ b/2019/0xxx/CVE-2019-0923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0923", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0923", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1019.json b/2019/1xxx/CVE-2019-1019.json index 499994b9641..96bf8c2de66 100644 --- a/2019/1xxx/CVE-2019-1019.json +++ b/2019/1xxx/CVE-2019-1019.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1019", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1019", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1626.json b/2019/1xxx/CVE-2019-1626.json index 74ce3c3e2d5..9cdc8e5ffff 100644 --- a/2019/1xxx/CVE-2019-1626.json +++ b/2019/1xxx/CVE-2019-1626.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1638.json b/2019/1xxx/CVE-2019-1638.json index 1c181471dd3..97da657921f 100644 --- a/2019/1xxx/CVE-2019-1638.json +++ b/2019/1xxx/CVE-2019-1638.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-23T16:00:00-0800", - "ID" : "CVE-2019-1638", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx WRF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-23T16:00:00-0800", + "ID": "CVE-2019-1638", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx WRF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" - }, - { - "name" : "106704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106704" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190123-webex-rce", - "defect" : [ - [ - "CSCvm65148", - "CSCvm65207", - "CSCvm65741", - "CSCvm65747", - "CSCvm65794", - "CSCvm65798", - "CSCvm86137", - "CSCvm86143", - "CSCvm86148", - "CSCvm86157", - "CSCvm86160", - "CSCvm86165" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.8", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" + }, + { + "name": "106704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106704" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190123-webex-rce", + "defect": [ + [ + "CSCvm65148", + "CSCvm65207", + "CSCvm65741", + "CSCvm65747", + "CSCvm65794", + "CSCvm65798", + "CSCvm86137", + "CSCvm86143", + "CSCvm86148", + "CSCvm86157", + "CSCvm86160", + "CSCvm86165" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1753.json b/2019/1xxx/CVE-2019-1753.json index 7bcfae7a455..311a07e2008 100644 --- a/2019/1xxx/CVE-2019-1753.json +++ b/2019/1xxx/CVE-2019-1753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4124.json b/2019/4xxx/CVE-2019-4124.json index dc09aabc3cd..cd7a0d04afc 100644 --- a/2019/4xxx/CVE-2019-4124.json +++ b/2019/4xxx/CVE-2019-4124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4383.json b/2019/4xxx/CVE-2019-4383.json index 1109b3467c9..57f7fbe1b38 100644 --- a/2019/4xxx/CVE-2019-4383.json +++ b/2019/4xxx/CVE-2019-4383.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4383", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4383", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4409.json b/2019/4xxx/CVE-2019-4409.json index c9b517d8f40..619766b691f 100644 --- a/2019/4xxx/CVE-2019-4409.json +++ b/2019/4xxx/CVE-2019-4409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4657.json b/2019/4xxx/CVE-2019-4657.json index b6ed96abb91..50dafb61476 100644 --- a/2019/4xxx/CVE-2019-4657.json +++ b/2019/4xxx/CVE-2019-4657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4657", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4657", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index 3f70b6203a8..fe711fe6acb 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2019-03.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2019-03.html" - }, - { - "name" : "106482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373" + }, + { + "name": "106482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106482" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2019-03.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2019-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5948.json b/2019/5xxx/CVE-2019-5948.json index 73a30d0db04..961677074b1 100644 --- a/2019/5xxx/CVE-2019-5948.json +++ b/2019/5xxx/CVE-2019-5948.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5948", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5948", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5966.json b/2019/5xxx/CVE-2019-5966.json index ecbb66588a1..4fb3dcad8e1 100644 --- a/2019/5xxx/CVE-2019-5966.json +++ b/2019/5xxx/CVE-2019-5966.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5966", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5966", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8205.json b/2019/8xxx/CVE-2019-8205.json index e846cf19f21..700da235329 100644 --- a/2019/8xxx/CVE-2019-8205.json +++ b/2019/8xxx/CVE-2019-8205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8205", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8302.json b/2019/8xxx/CVE-2019-8302.json index f38b59672fa..123b4a620be 100644 --- a/2019/8xxx/CVE-2019-8302.json +++ b/2019/8xxx/CVE-2019-8302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8302", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8302", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8438.json b/2019/8xxx/CVE-2019-8438.json index 84f8f2932b3..9a5786259a2 100644 --- a/2019/8xxx/CVE-2019-8438.json +++ b/2019/8xxx/CVE-2019-8438.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of \"System setting->site setting\" of admin/index.php, aka site_name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/chekun/DiliCMS/issues/61", - "refsource" : "MISC", - "url" : "https://github.com/chekun/DiliCMS/issues/61" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of \"System setting->site setting\" of admin/index.php, aka site_name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chekun/DiliCMS/issues/61", + "refsource": "MISC", + "url": "https://github.com/chekun/DiliCMS/issues/61" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8555.json b/2019/8xxx/CVE-2019-8555.json index 4045e727dcd..29c69f2ffdb 100644 --- a/2019/8xxx/CVE-2019-8555.json +++ b/2019/8xxx/CVE-2019-8555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8665.json b/2019/8xxx/CVE-2019-8665.json index c92c3364123..7da6418a4d7 100644 --- a/2019/8xxx/CVE-2019-8665.json +++ b/2019/8xxx/CVE-2019-8665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9016.json b/2019/9xxx/CVE-2019-9016.json index e364b5c9352..ebac2ce3d13 100644 --- a/2019/9xxx/CVE-2019-9016.json +++ b/2019/9xxx/CVE-2019-9016.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yangsuda/mopcms/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/yangsuda/mopcms/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/yangsuda/mopcms/issues/2", + "refsource": "MISC", + "url": "https://github.com/yangsuda/mopcms/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9661.json b/2019/9xxx/CVE-2019-9661.json index 559c3abed52..d6111b2aefa 100644 --- a/2019/9xxx/CVE-2019-9661.json +++ b/2019/9xxx/CVE-2019-9661.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html \"value\" parameter," - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yzmcms/yzmcms/issues/13", - "refsource" : "MISC", - "url" : "https://github.com/yzmcms/yzmcms/issues/13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html \"value\" parameter," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/yzmcms/yzmcms/issues/13", + "refsource": "MISC", + "url": "https://github.com/yzmcms/yzmcms/issues/13" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9686.json b/2019/9xxx/CVE-2019-9686.json index 343f1d4d0e5..74789320f89 100644 --- a/2019/9xxx/CVE-2019-9686.json +++ b/2019/9xxx/CVE-2019-9686.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL \"pacman -U \" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde", - "refsource" : "MISC", - "url" : "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde" - }, - { - "name" : "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84", - "refsource" : "MISC", - "url" : "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84" - }, - { - "name" : "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775", - "refsource" : "MISC", - "url" : "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL \"pacman -U \" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775", + "refsource": "MISC", + "url": "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775" + }, + { + "name": "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde", + "refsource": "MISC", + "url": "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde" + }, + { + "name": "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84", + "refsource": "MISC", + "url": "https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9771.json b/2019/9xxx/CVE-2019-9771.json index 1c4926e3f04..a94e14ca4bd 100644 --- a/2019/9xxx/CVE-2019-9771.json +++ b/2019/9xxx/CVE-2019-9771.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibreDWG/libredwg/issues/99", - "refsource" : "MISC", - "url" : "https://github.com/LibreDWG/libredwg/issues/99" - }, - { - "name" : "https://savannah.gnu.org/bugs/index.php?55893", - "refsource" : "MISC", - "url" : "https://savannah.gnu.org/bugs/index.php?55893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.gnu.org/bugs/index.php?55893", + "refsource": "MISC", + "url": "https://savannah.gnu.org/bugs/index.php?55893" + }, + { + "name": "https://github.com/LibreDWG/libredwg/issues/99", + "refsource": "MISC", + "url": "https://github.com/LibreDWG/libredwg/issues/99" + } + ] + } +} \ No newline at end of file