diff --git a/1999/0xxx/CVE-1999-0053.json b/1999/0xxx/CVE-1999-0053.json index fd290a1559c..5874d55bd48 100644 --- a/1999/0xxx/CVE-1999-0053.json +++ b/1999/0xxx/CVE-1999-0053.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TCP RST denial of service in FreeBSD." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6094", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TCP RST denial of service in FreeBSD." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6094", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6094" + } + ] + } +} \ No newline at end of file diff --git a/1999/0xxx/CVE-1999-0923.json b/1999/0xxx/CVE-1999-0923.json index c47ba642399..6d7b3dc95e4 100644 --- a/1999/0xxx/CVE-1999-0923.json +++ b/1999/0xxx/CVE-1999-0923.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ASB99-02", - "refsource" : "ALLAIRE", - "url" : "http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ASB99-02", + "refsource": "ALLAIRE", + "url": "http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0098.json b/2007/0xxx/CVE-2007-0098.json index 8ec6ab1befd..c25ac02f78b 100644 --- a/2007/0xxx/CVE-2007-0098.json +++ b/2007/0xxx/CVE-2007-0098.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3075", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3075" - }, - { - "name" : "ADV-2007-0035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0035" - }, - { - "name" : "32352", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32352" - }, - { - "name" : "verliadmin-language-file-include(31241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32352", + "refsource": "OSVDB", + "url": "http://osvdb.org/32352" + }, + { + "name": "3075", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3075" + }, + { + "name": "ADV-2007-0035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0035" + }, + { + "name": "verliadmin-language-file-include(31241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31241" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0157.json b/2007/0xxx/CVE-2007-0157.json index 21fc71091db..4f2230b020d 100644 --- a/2007/0xxx/CVE-2007-0157.json +++ b/2007/0xxx/CVE-2007-0157.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[neon] 20070107 invalid chars cause sigserv in neon", - "refsource" : "MLIST", - "url" : "http://mailman.webdav.org/pipermail/neon/2007-January/002362.html" - }, - { - "name" : "[cadaver] 20070123 release 0.22.5", - "refsource" : "MLIST", - "url" : "http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723" - }, - { - "name" : "http://www.webdav.org/cadaver/", - "refsource" : "CONFIRM", - "url" : "http://www.webdav.org/cadaver/" - }, - { - "name" : "MDKSA-2007:013", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:013" - }, - { - "name" : "SUSE-SR:2007:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_02_sr.html" - }, - { - "name" : "22035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22035" - }, - { - "name" : "ADV-2007-0172", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0172" - }, - { - "name" : "ADV-2007-0362", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0362" - }, - { - "name" : "39247", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39247" - }, - { - "name" : "23763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23763" - }, - { - "name" : "23751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23751" - }, - { - "name" : "23984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23984" + }, + { + "name": "[neon] 20070107 invalid chars cause sigserv in neon", + "refsource": "MLIST", + "url": "http://mailman.webdav.org/pipermail/neon/2007-January/002362.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2" + }, + { + "name": "http://www.webdav.org/cadaver/", + "refsource": "CONFIRM", + "url": "http://www.webdav.org/cadaver/" + }, + { + "name": "[cadaver] 20070123 release 0.22.5", + "refsource": "MLIST", + "url": "http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html" + }, + { + "name": "MDKSA-2007:013", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:013" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723" + }, + { + "name": "SUSE-SR:2007:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html" + }, + { + "name": "22035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22035" + }, + { + "name": "ADV-2007-0172", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0172" + }, + { + "name": "23763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23763" + }, + { + "name": "ADV-2007-0362", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0362" + }, + { + "name": "23751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23751" + }, + { + "name": "39247", + "refsource": "OSVDB", + "url": "http://osvdb.org/39247" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0199.json b/2007/0xxx/CVE-2007-0199.json index 76d3cfc5b63..681114bec11 100644 --- a/2007/0xxx/CVE-2007-0199.json +++ b/2007/0xxx/CVE-2007-0199.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via \"an invalid value in a DLSw message... during the capabilities exchange.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070110 DLSw Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml" - }, - { - "name" : "21990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21990" - }, - { - "name" : "oval:org.mitre.oval:def:5714", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5714" - }, - { - "name" : "ADV-2007-0139", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0139" - }, - { - "name" : "32683", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32683" - }, - { - "name" : "1017498", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017498" - }, - { - "name" : "23697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via \"an invalid value in a DLSw message... during the capabilities exchange.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017498", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017498" + }, + { + "name": "20070110 DLSw Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml" + }, + { + "name": "oval:org.mitre.oval:def:5714", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5714" + }, + { + "name": "32683", + "refsource": "OSVDB", + "url": "http://osvdb.org/32683" + }, + { + "name": "21990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21990" + }, + { + "name": "23697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23697" + }, + { + "name": "ADV-2007-0139", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0139" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0243.json b/2007/0xxx/CVE-2007-0243.json index d10e140c262..31f5c0ba684 100644 --- a/2007/0xxx/CVE-2007-0243.json +++ b/2007/0xxx/CVE-2007-0243.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457159/100/0/threaded" - }, - { - "name" : "20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457638/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307177", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307177" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" - }, - { - "name" : "APPLE-SA-2007-12-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" - }, - { - "name" : "BEA07-172.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/242" - }, - { - "name" : "GLSA-200702-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml" - }, - { - "name" : "GLSA-200702-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200702-08.xml" - }, - { - "name" : "HPSBUX02196", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" - }, - { - "name" : "SSRT071318", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" - }, - { - "name" : "RHSA-2007:0166", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0166.html" - }, - { - "name" : "RHSA-2007:0167", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0167.html" - }, - { - "name" : "RHSA-2007:0956", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0956.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "102760", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1" - }, - { - "name" : "SUSE-SA:2007:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html" - }, - { - "name" : "TA07-022A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-022A.html" - }, - { - "name" : "VU#388289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/388289" - }, - { - "name" : "22085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22085" - }, - { - "name" : "oval:org.mitre.oval:def:11073", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073" - }, - { - "name" : "ADV-2007-0211", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0211" - }, - { - "name" : "ADV-2007-0936", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0936" - }, - { - "name" : "ADV-2007-1814", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1814" - }, - { - "name" : "ADV-2007-4224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4224" - }, - { - "name" : "32834", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32834" - }, - { - "name" : "1017520", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017520" - }, - { - "name" : "23757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23757" - }, - { - "name" : "24202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24202" - }, - { - "name" : "24189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24189" - }, - { - "name" : "24468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24468" - }, - { - "name" : "24993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24993" - }, - { - "name" : "25283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25283" - }, - { - "name" : "26049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26049" - }, - { - "name" : "26119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26119" - }, - { - "name" : "27203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27203" - }, - { - "name" : "26645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26645" - }, - { - "name" : "28115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28115" - }, - { - "name" : "2158", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2158" - }, - { - "name" : "jre-gif-bo(31537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457159/100/0/threaded" + }, + { + "name": "102760", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307177", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307177" + }, + { + "name": "24468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24468" + }, + { + "name": "RHSA-2007:0166", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0166.html" + }, + { + "name": "VU#388289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/388289" + }, + { + "name": "HPSBUX02196", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" + }, + { + "name": "26049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26049" + }, + { + "name": "ADV-2007-1814", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1814" + }, + { + "name": "24202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24202" + }, + { + "name": "20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457638/100/0/threaded" + }, + { + "name": "25283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25283" + }, + { + "name": "32834", + "refsource": "OSVDB", + "url": "http://osvdb.org/32834" + }, + { + "name": "24189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24189" + }, + { + "name": "SSRT071318", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579" + }, + { + "name": "SUSE-SA:2007:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" + }, + { + "name": "APPLE-SA-2007-12-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" + }, + { + "name": "2158", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2158" + }, + { + "name": "1017520", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017520" + }, + { + "name": "RHSA-2007:0956", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" + }, + { + "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" + }, + { + "name": "oval:org.mitre.oval:def:11073", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073" + }, + { + "name": "26645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26645" + }, + { + "name": "RHSA-2007:0167", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0167.html" + }, + { + "name": "26119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26119" + }, + { + "name": "23757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23757" + }, + { + "name": "22085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22085" + }, + { + "name": "ADV-2007-4224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4224" + }, + { + "name": "24993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24993" + }, + { + "name": "28115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28115" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-005.html" + }, + { + "name": "ADV-2007-0211", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0211" + }, + { + "name": "27203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27203" + }, + { + "name": "jre-gif-bo(31537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31537" + }, + { + "name": "ADV-2007-0936", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0936" + }, + { + "name": "GLSA-200702-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml" + }, + { + "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" + }, + { + "name": "GLSA-200702-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml" + }, + { + "name": "TA07-022A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html" + }, + { + "name": "BEA07-172.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/242" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0538.json b/2007/0xxx/CVE-2007-0538.json index ccdab2baf7d..87c728792db 100644 --- a/2007/0xxx/CVE-2007-0538.json +++ b/2007/0xxx/CVE-2007-0538.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070124 DoS against Telligent Community Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457999/100/0/threaded" - }, - { - "name" : "20070124 Weaknesses in Pingback Design", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457996/100/0/threaded" - }, - { - "name" : "33583", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33583" - }, - { - "name" : "33584", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33584" - }, - { - "name" : "2211", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2211", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2211" + }, + { + "name": "33583", + "refsource": "OSVDB", + "url": "http://osvdb.org/33583" + }, + { + "name": "33584", + "refsource": "OSVDB", + "url": "http://osvdb.org/33584" + }, + { + "name": "20070124 Weaknesses in Pingback Design", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457996/100/0/threaded" + }, + { + "name": "20070124 DoS against Telligent Community Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457999/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1101.json b/2007/1xxx/CVE-2007-1101.json index 44867828142..bfe58c9ed61 100644 --- a/2007/1xxx/CVE-2007-1101.json +++ b/2007/1xxx/CVE-2007-1101.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message (\"comment\") or (2) name field, or the (3) q parameter in a search action in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070224 Photostand_1.2.0 Multiple Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461150/100/0/threaded" - }, - { - "name" : "22706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22706" - }, - { - "name" : "22707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22707" - }, - { - "name" : "ADV-2007-0752", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0752" - }, - { - "name" : "33773", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33773" - }, - { - "name" : "24310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24310" - }, - { - "name" : "2296", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2296" - }, - { - "name" : "photostand-index-xss(32701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message (\"comment\") or (2) name field, or the (3) q parameter in a search action in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22706" + }, + { + "name": "2296", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2296" + }, + { + "name": "22707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22707" + }, + { + "name": "photostand-index-xss(32701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32701" + }, + { + "name": "33773", + "refsource": "OSVDB", + "url": "http://osvdb.org/33773" + }, + { + "name": "ADV-2007-0752", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0752" + }, + { + "name": "20070224 Photostand_1.2.0 Multiple Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461150/100/0/threaded" + }, + { + "name": "24310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24310" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1119.json b/2007/1xxx/CVE-2007-1119.json index 8d6443584cf..d142bdad8d5 100644 --- a/2007/1xxx/CVE-2007-1119.json +++ b/2007/1xxx/CVE-2007-1119.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the \"Only allow uploads to the following directories\" setting via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html" - }, - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html" - }, - { - "name" : "22686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22686" - }, - { - "name" : "ADV-2007-0712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0712" - }, - { - "name" : "33533", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33533" - }, - { - "name" : "24274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the \"Only allow uploads to the following directories\" setting via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33533", + "refsource": "OSVDB", + "url": "http://osvdb.org/33533" + }, + { + "name": "ADV-2007-0712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0712" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html" + }, + { + "name": "22686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22686" + }, + { + "name": "24274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24274" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1489.json b/2007/1xxx/CVE-2007-1489.json index e6fe4cafa22..62cdd52bb2e 100644 --- a/2007/1xxx/CVE-2007-1489.json +++ b/2007/1xxx/CVE-2007-1489.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing \"certain consecutive actions,\" possibly due to a cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=downloadinfo&cat=crip&id=2", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=downloadinfo&cat=crip&id=2" - }, - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=256", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=256" - }, - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=259", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=259" - }, - { - "name" : "20070320 WebAPP Audit", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-March/001446.html" - }, - { - "name" : "33273", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33273" - }, - { - "name" : "24540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing \"certain consecutive actions,\" possibly due to a cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070320 WebAPP Audit", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-March/001446.html" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=downloadinfo&cat=crip&id=2", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=downloadinfo&cat=crip&id=2" + }, + { + "name": "33273", + "refsource": "OSVDB", + "url": "http://osvdb.org/33273" + }, + { + "name": "24540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24540" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=259", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=259" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=256", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=256" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5065.json b/2007/5xxx/CVE-2007-5065.json index f70818ef09f..64714ef6288 100644 --- a/2007/5xxx/CVE-2007-5065.json +++ b/2007/5xxx/CVE-2007-5065.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4440", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4440" - }, - { - "name" : "25760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25760" - }, - { - "name" : "38157", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38157" - }, - { - "name" : "joomla-flashslide-admin-file-include(36719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "joomla-flashslide-admin-file-include(36719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36719" + }, + { + "name": "25760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25760" + }, + { + "name": "38157", + "refsource": "OSVDB", + "url": "http://osvdb.org/38157" + }, + { + "name": "4440", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4440" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5318.json b/2007/5xxx/CVE-2007-5318.json index fcd7f7b167e..4587d819064 100644 --- a/2007/5xxx/CVE-2007-5318.json +++ b/2007/5xxx/CVE-2007-5318.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25975" - }, - { - "name" : "41649", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41649" - }, - { - "name" : "27142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27142" - }, - { - "name" : "typolight-preview-information-disclosure(37025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25975" + }, + { + "name": "27142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27142" + }, + { + "name": "41649", + "refsource": "OSVDB", + "url": "http://osvdb.org/41649" + }, + { + "name": "typolight-preview-information-disclosure(37025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37025" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5490.json b/2007/5xxx/CVE-2007-5490.json index 13c0b5982e9..7c04ac5e834 100644 --- a/2007/5xxx/CVE-2007-5490.json +++ b/2007/5xxx/CVE-2007-5490.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4539", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4539" - }, - { - "name" : "26094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26094" - }, - { - "name" : "27268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27268" - }, - { - "name" : "okul-default-sql-injection(37237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26094" + }, + { + "name": "4539", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4539" + }, + { + "name": "27268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27268" + }, + { + "name": "okul-default-sql-injection(37237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37237" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5811.json b/2007/5xxx/CVE-2007-5811.json index 12814a0c3d8..d1add3842bb 100644 --- a/2007/5xxx/CVE-2007-5811.json +++ b/2007/5xxx/CVE-2007-5811.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4590", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4590" - }, - { - "name" : "20071031 phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-October/001844.html" - }, - { - "name" : "20071031 phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-October/001845.html" - }, - { - "name" : "26278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26278" - }, - { - "name" : "39018", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39018" - }, - { - "name" : "phpmyconferences-dir-directory-traversal(38183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071031 phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-October/001844.html" + }, + { + "name": "20071031 phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-October/001845.html" + }, + { + "name": "4590", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4590" + }, + { + "name": "39018", + "refsource": "OSVDB", + "url": "http://osvdb.org/39018" + }, + { + "name": "26278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26278" + }, + { + "name": "phpmyconferences-dir-directory-traversal(38183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38183" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3075.json b/2015/3xxx/CVE-2015-3075.json index 8e16383ef75..228e54dfa12 100644 --- a/2015/3xxx/CVE-2015-3075.json +++ b/2015/3xxx/CVE-2015-3075.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-10.html" - }, - { - "name" : "74602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74602" - }, - { - "name" : "1032284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-10.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-10.html" + }, + { + "name": "1032284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032284" + }, + { + "name": "74602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74602" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3237.json b/2015/3xxx/CVE-2015-3237.json index c22d12aa05e..f5bb3efb7c3 100644 --- a/2015/3xxx/CVE-2015-3237.json +++ b/2015/3xxx/CVE-2015-3237.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://curl.haxx.se/docs/adv_20150617B.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20150617B.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "FEDORA-2015-10155", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html" - }, - { - "name" : "GLSA-201509-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-02" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "75387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75387" - }, - { - "name" : "1036371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-10155", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017" + }, + { + "name": "http://curl.haxx.se/docs/adv_20150617B.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20150617B.html" + }, + { + "name": "1036371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036371" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "GLSA-201509-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-02" + }, + { + "name": "75387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75387" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3463.json b/2015/3xxx/CVE-2015-3463.json index 5585db419dd..de5656fa6c9 100644 --- a/2015/3xxx/CVE-2015-3463.json +++ b/2015/3xxx/CVE-2015-3463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3749.json b/2015/3xxx/CVE-2015-3749.json index e3489d83487..ada2f661b00 100644 --- a/2015/3xxx/CVE-2015-3749.json +++ b/2015/3xxx/CVE-2015-3749.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205033", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205033" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "APPLE-SA-2015-08-13-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "76338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76338" - }, - { - "name" : "1033274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033274" + }, + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "76338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76338" + }, + { + "name": "APPLE-SA-2015-08-13-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html" + }, + { + "name": "https://support.apple.com/kb/HT205033", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205033" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6668.json b/2015/6xxx/CVE-2015-6668.json index 6fb35cef049..1e6b862664f 100644 --- a/2015/6xxx/CVE-2015-6668.json +++ b/2015/6xxx/CVE-2015-6668.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/", - "refsource" : "MISC", - "url" : "https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8167", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8167", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8167" + }, + { + "name": "https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/", + "refsource": "MISC", + "url": "https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7203.json b/2015/7xxx/CVE-2015-7203.json index 2f97de4c254..3a317632a71 100644 --- a/2015/7xxx/CVE-2015-7203.json +++ b/2015/7xxx/CVE-2015-7203.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-144.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-144.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1201183", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1201183" - }, - { - "name" : "https://hg.mozilla.org/mozilla-central/rev/e1bcc04808cc", - "refsource" : "CONFIRM", - "url" : "https://hg.mozilla.org/mozilla-central/rev/e1bcc04808cc" - }, - { - "name" : "FEDORA-2015-51b1105902", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html" - }, - { - "name" : "FEDORA-2015-7ab3d3afcf", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "openSUSE-SU-2016:0307", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:0308", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" - }, - { - "name" : "openSUSE-SU-2015:2353", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html" - }, - { - "name" : "USN-2833-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2833-1" - }, - { - "name" : "79280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79280" - }, - { - "name" : "1034426", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-144.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-144.html" + }, + { + "name": "https://hg.mozilla.org/mozilla-central/rev/e1bcc04808cc", + "refsource": "CONFIRM", + "url": "https://hg.mozilla.org/mozilla-central/rev/e1bcc04808cc" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "openSUSE-SU-2015:2353", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1201183", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1201183" + }, + { + "name": "openSUSE-SU-2016:0308", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" + }, + { + "name": "FEDORA-2015-7ab3d3afcf", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html" + }, + { + "name": "USN-2833-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2833-1" + }, + { + "name": "79280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79280" + }, + { + "name": "openSUSE-SU-2016:0307", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" + }, + { + "name": "FEDORA-2015-51b1105902", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html" + }, + { + "name": "1034426", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034426" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7375.json b/2015/7xxx/CVE-2015-7375.json index 6070bc6b487..992ce2533b8 100644 --- a/2015/7xxx/CVE-2015-7375.json +++ b/2015/7xxx/CVE-2015-7375.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-251-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-251-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-251-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-251-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7561.json b/2015/7xxx/CVE-2015-7561.json index ebf7cd28d2d..43b0e2034d6 100644 --- a/2015/7xxx/CVE-2015-7561.json +++ b/2015/7xxx/CVE-2015-7561.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-7561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1291963", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1291963" - }, - { - "name" : "https://github.com/kubernetes/kubernetes/pull/18909", - "refsource" : "CONFIRM", - "url" : "https://github.com/kubernetes/kubernetes/pull/18909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kubernetes/kubernetes/pull/18909", + "refsource": "CONFIRM", + "url": "https://github.com/kubernetes/kubernetes/pull/18909" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7746.json b/2015/7xxx/CVE-2015-7746.json index 038faf3e95d..ccea776f640 100644 --- a/2015/7xxx/CVE-2015-7746.json +++ b/2015/7xxx/CVE-2015-7746.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/index?page=content&id=9010049", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/index?page=content&id=9010049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/index?page=content&id=9010049", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/index?page=content&id=9010049" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8130.json b/2015/8xxx/CVE-2015-8130.json index 9aee6539e57..7418aa67f77 100644 --- a/2015/8xxx/CVE-2015-8130.json +++ b/2015/8xxx/CVE-2015-8130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8154.json b/2015/8xxx/CVE-2015-8154.json index 3cfc7921097..618b421df4e 100644 --- a/2015/8xxx/CVE-2015-8154.json +++ b/2015/8xxx/CVE-2015-8154.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to \"RWX Permissions.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2015-8154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00" - }, - { - "name" : "84344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84344" - }, - { - "name" : "1035329", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to \"RWX Permissions.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035329", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035329" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00" + }, + { + "name": "84344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84344" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8479.json b/2015/8xxx/CVE-2015-8479.json index d920902c251..e1d5f84b3ad 100644 --- a/2015/8xxx/CVE-2015-8479.json +++ b/2015/8xxx/CVE-2015-8479.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-8479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=535605", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=535605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=535605", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=535605" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0279.json b/2016/0xxx/CVE-2016-0279.json index b2cca439ed6..a8ffa785198 100644 --- a/2016/0xxx/CVE-2016-0279.json +++ b/2016/0xxx/CVE-2016-0279.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983292", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983292" - }, - { - "name" : "1036091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036091" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0825.json b/2016/0xxx/CVE-2016-0825.json index 3fc6faed11e..fd5c41d3b41 100644 --- a/2016/0xxx/CVE-2016-0825.json +++ b/2016/0xxx/CVE-2016-0825.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-03-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-03-01.html" - }, - { - "name" : "84269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84269" + }, + { + "name": "http://source.android.com/security/bulletin/2016-03-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-03-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1549.json b/2016/1xxx/CVE-2016-1549.json index 3e9009b1a58..ea026e92eee 100644 --- a/2016/1xxx/CVE-2016-1549.json +++ b/2016/1xxx/CVE-2016-1549.json @@ -1,120 +1,120 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-1549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-1549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NTP", + "version": { + "version_data": [ + { + "version_value": "4.2.8p3" + }, + { + "version_value": "4.2.8p4" + } + ] + } + } + ] + }, + "vendor_name": "NTP Project" + }, + { + "product": { + "product_data": [ + { + "product_name": "NTPSec", + "version": { + "version_data": [ + { + "version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74" + }, + { + "version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92" + } + ] + } + } + ] + }, + "vendor_name": "NTPsec Project" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "NTP", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.8p3" - }, - { - "version_value" : "4.2.8p4" - } - ] - } - } - ] - }, - "vendor_name" : "NTP Project" + "lang": "eng", + "value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0083/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/" }, { - "product" : { - "product_data" : [ - { - "product_name" : "NTPSec", - "version" : { - "version_data" : [ - { - "version_value" : "3e160db8dc248a0bcb053b56a80167dc742d2b74" - }, - { - "version_value" : "a5fb34b9cc89b92a8fef2f459004865c93bb7f92" - } - ] - } - } - ] - }, - "vendor_name" : "NTPsec Project" + "name": "88200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/88200" + }, + { + "name": "1035705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035705" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171004-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" + }, + { + "name": "FreeBSD-SA-16:16", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_13", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_13" + }, + { + "name": "GLSA-201607-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-15" } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0083/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0083/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171004-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171004-0002/" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_13", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_13" - }, - { - "name" : "FreeBSD-SA-16:16", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" - }, - { - "name" : "GLSA-201607-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-15" - }, - { - "name" : "88200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/88200" - }, - { - "name" : "1035705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035705" - } - ] - } -} + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1778.json b/2016/1xxx/CVE-2016-1778.json index b1a5e63d2a3..745c2679765 100644 --- a/2016/1xxx/CVE-2016-1778.json +++ b/2016/1xxx/CVE-2016-1778.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160331 WebKitGTK+ Security Advisory WSA-2016-0003", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537948/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-200", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-200" - }, - { - "name" : "https://support.apple.com/HT206166", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206166" - }, - { - "name" : "https://support.apple.com/HT206171", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206171" - }, - { - "name" : "APPLE-SA-2016-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2016-03-21-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html" - }, - { - "name" : "1035353", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-03-21-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-200", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-200" + }, + { + "name": "1035353", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035353" + }, + { + "name": "APPLE-SA-2016-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" + }, + { + "name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded" + }, + { + "name": "https://support.apple.com/HT206171", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206171" + }, + { + "name": "https://support.apple.com/HT206166", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206166" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1831.json b/2016/1xxx/CVE-2016-1831.json index deb91799135..4c895efa1df 100644 --- a/2016/1xxx/CVE-2016-1831.json +++ b/2016/1xxx/CVE-2016-1831.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "https://support.apple.com/HT206568", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206568" - }, - { - "name" : "APPLE-SA-2016-05-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "90696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90696" - }, - { - "name" : "1035890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "90696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90696" + }, + { + "name": "1035890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035890" + }, + { + "name": "APPLE-SA-2016-05-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html" + }, + { + "name": "https://support.apple.com/HT206568", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206568" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1879.json b/2016/1xxx/CVE-2016-1879.json index 83d0f3b868f..821dc6904a0 100644 --- a/2016/1xxx/CVE-2016-1879.json +++ b/2016/1xxx/CVE-2016-1879.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39305", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39305/" - }, - { - "name" : "http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.html" - }, - { - "name" : "FreeBSD-SA-16:01", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc" - }, - { - "name" : "1034673", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39305", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39305/" + }, + { + "name": "FreeBSD-SA-16:01", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc" + }, + { + "name": "1034673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034673" + }, + { + "name": "http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1985.json b/2016/1xxx/CVE-2016-1985.json index ffbb8f2658a..2060c15c66f 100644 --- a/2016/1xxx/CVE-2016-1985.json +++ b/2016/1xxx/CVE-2016-1985.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244" - }, - { - "name" : "82259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "82259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82259" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1987.json b/2016/1xxx/CVE-2016-1987.json index ed356635fb5..94f7277379c 100644 --- a/2016/1xxx/CVE-2016-1987.json +++ b/2016/1xxx/CVE-2016-1987.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04974114", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04974114" - }, - { - "name" : "1035026", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04974114", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04974114" + }, + { + "name": "1035026", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035026" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5733.json b/2016/5xxx/CVE-2016-5733.json index 9c240c860e5..55dde1a4d0d 100644 --- a/2016/5xxx/CVE-2016-5733.json +++ b/2016/5xxx/CVE-2016-5733.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-26/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-26/" - }, - { - "name" : "DSA-3627", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3627" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "openSUSE-SU-2016:1699", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html" - }, - { - "name" : "openSUSE-SU-2016:1700", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html" - }, - { - "name" : "91390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5" + }, + { + "name": "openSUSE-SU-2016:1700", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b" + }, + { + "name": "DSA-3627", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3627" + }, + { + "name": "91390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91390" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-26/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-26/" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + }, + { + "name": "openSUSE-SU-2016:1699", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0025.json b/2019/0xxx/CVE-2019-0025.json index 3bc0ce9ff9a..7913ff3f05b 100644 --- a/2019/0xxx/CVE-2019-0025.json +++ b/2019/0xxx/CVE-2019-0025.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2019-01-09T17:00:00.000Z", - "ID" : "CVE-2019-0025", - "STATE" : "PUBLIC", - "TITLE" : "Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Juniper ATP", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "5", - "version_value" : "5.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2019-01-09T17:00:00.000Z", + "ID": "CVE-2019-0025", + "STATE": "PUBLIC", + "TITLE": "Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Juniper ATP", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5", + "version_value": "5.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10918", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10918" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases." - } - ], - "source" : { - "advisory" : "JSA10918", - "defect" : [ - "1365609" - ], - "discovery" : "INTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10918", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10918" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software release have been updated to resolve this specific issue: 5.0.3 and all subsequent releases." + } + ], + "source": { + "advisory": "JSA10918", + "defect": [ + "1365609" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue, however limit the access to only trusted administrators from trusted administrative networks or hosts would minimize the risk." + } + ] +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0450.json b/2019/0xxx/CVE-2019-0450.json index be8b4fcec9a..b420b67831d 100644 --- a/2019/0xxx/CVE-2019-0450.json +++ b/2019/0xxx/CVE-2019-0450.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0450", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0450", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0737.json b/2019/0xxx/CVE-2019-0737.json index 47604ff85f4..2cdd6a996b5 100644 --- a/2019/0xxx/CVE-2019-0737.json +++ b/2019/0xxx/CVE-2019-0737.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0737", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0737", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0820.json b/2019/0xxx/CVE-2019-0820.json index 3d0367ac37d..5a0a5553f43 100644 --- a/2019/0xxx/CVE-2019-0820.json +++ b/2019/0xxx/CVE-2019-0820.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0820", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0820", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1132.json b/2019/1xxx/CVE-2019-1132.json index 2b3abe9fcc3..9050a2f85cd 100644 --- a/2019/1xxx/CVE-2019-1132.json +++ b/2019/1xxx/CVE-2019-1132.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1132", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1132", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1551.json b/2019/1xxx/CVE-2019-1551.json index 53756d54b48..615ab3c91e9 100644 --- a/2019/1xxx/CVE-2019-1551.json +++ b/2019/1xxx/CVE-2019-1551.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1551", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1551", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1640.json b/2019/1xxx/CVE-2019-1640.json index 64b8cdc117d..e49930d8ced 100644 --- a/2019/1xxx/CVE-2019-1640.json +++ b/2019/1xxx/CVE-2019-1640.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-23T16:00:00-0800", - "ID" : "CVE-2019-1640", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx WRF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-23T16:00:00-0800", + "ID": "CVE-2019-1640", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx WRF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" - }, - { - "name" : "106704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106704" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190123-webex-rce", - "defect" : [ - [ - "CSCvm65148", - "CSCvm65207", - "CSCvm65741", - "CSCvm65747", - "CSCvm65794", - "CSCvm65798", - "CSCvm86137", - "CSCvm86143", - "CSCvm86148", - "CSCvm86157", - "CSCvm86160", - "CSCvm86165" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.8", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190123 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce" + }, + { + "name": "106704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106704" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190123-webex-rce", + "defect": [ + [ + "CSCvm65148", + "CSCvm65207", + "CSCvm65741", + "CSCvm65747", + "CSCvm65794", + "CSCvm65798", + "CSCvm86137", + "CSCvm86143", + "CSCvm86148", + "CSCvm86157", + "CSCvm86160", + "CSCvm86165" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1865.json b/2019/1xxx/CVE-2019-1865.json index d015ab942ba..a026f40f53e 100644 --- a/2019/1xxx/CVE-2019-1865.json +++ b/2019/1xxx/CVE-2019-1865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1865", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1865", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4167.json b/2019/4xxx/CVE-2019-4167.json index 5bfacf877b4..9f360ba9ed0 100644 --- a/2019/4xxx/CVE-2019-4167.json +++ b/2019/4xxx/CVE-2019-4167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4167", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4356.json b/2019/4xxx/CVE-2019-4356.json index 362680fa5d8..a609b616bd8 100644 --- a/2019/4xxx/CVE-2019-4356.json +++ b/2019/4xxx/CVE-2019-4356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4456.json b/2019/4xxx/CVE-2019-4456.json index 40a91e14554..1e12d940484 100644 --- a/2019/4xxx/CVE-2019-4456.json +++ b/2019/4xxx/CVE-2019-4456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4974.json b/2019/4xxx/CVE-2019-4974.json index 7fc1426d334..2ad0f2675f3 100644 --- a/2019/4xxx/CVE-2019-4974.json +++ b/2019/4xxx/CVE-2019-4974.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4974", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4974", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5688.json b/2019/5xxx/CVE-2019-5688.json index 8b1762f0b84..e9f096daf50 100644 --- a/2019/5xxx/CVE-2019-5688.json +++ b/2019/5xxx/CVE-2019-5688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5854.json b/2019/5xxx/CVE-2019-5854.json index c9b4516a9d6..bbf22afc06a 100644 --- a/2019/5xxx/CVE-2019-5854.json +++ b/2019/5xxx/CVE-2019-5854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5854", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5854", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5883.json b/2019/5xxx/CVE-2019-5883.json index 118e6de65aa..baabb21b8db 100644 --- a/2019/5xxx/CVE-2019-5883.json +++ b/2019/5xxx/CVE-2019-5883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8011.json b/2019/8xxx/CVE-2019-8011.json index f1ff180d906..5e6aa3d25b8 100644 --- a/2019/8xxx/CVE-2019-8011.json +++ b/2019/8xxx/CVE-2019-8011.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8680.json b/2019/8xxx/CVE-2019-8680.json index 624608dc0ce..e2372baa1fa 100644 --- a/2019/8xxx/CVE-2019-8680.json +++ b/2019/8xxx/CVE-2019-8680.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8680", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8680", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8891.json b/2019/8xxx/CVE-2019-8891.json index 39f20ee2a0f..a7cd9686a44 100644 --- a/2019/8xxx/CVE-2019-8891.json +++ b/2019/8xxx/CVE-2019-8891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8913.json b/2019/8xxx/CVE-2019-8913.json index 9bf3373cf33..6c7c87d8486 100644 --- a/2019/8xxx/CVE-2019-8913.json +++ b/2019/8xxx/CVE-2019-8913.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8913", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8913", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9175.json b/2019/9xxx/CVE-2019-9175.json index b01cbbc2a12..8f634368834 100644 --- a/2019/9xxx/CVE-2019-9175.json +++ b/2019/9xxx/CVE-2019-9175.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9175", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json index 587559d1c22..3ae63b63f3c 100644 --- a/2019/9xxx/CVE-2019-9433.json +++ b/2019/9xxx/CVE-2019-9433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9593.json b/2019/9xxx/CVE-2019-9593.json index f47b3b0e34b..510c1a6e99a 100644 --- a/2019/9xxx/CVE-2019-9593.json +++ b/2019/9xxx/CVE-2019-9593.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability", + "refsource": "MISC", + "url": "https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability" + } + ] + } +} \ No newline at end of file