From 6e18a544c49bc88c43e28d6d19fb033f6e76b320 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:13:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0007.json | 210 +++++----- 2007/0xxx/CVE-2007-0071.json | 430 ++++++++++----------- 2007/0xxx/CVE-2007-0205.json | 190 +++++----- 2007/0xxx/CVE-2007-0224.json | 150 ++++---- 2007/0xxx/CVE-2007-0774.json | 310 +++++++-------- 2007/1xxx/CVE-2007-1638.json | 200 +++++----- 2007/1xxx/CVE-2007-1872.json | 190 +++++----- 2007/1xxx/CVE-2007-1900.json | 390 +++++++++---------- 2007/3xxx/CVE-2007-3045.json | 160 ++++---- 2007/3xxx/CVE-2007-3048.json | 160 ++++---- 2007/3xxx/CVE-2007-3709.json | 150 ++++---- 2007/4xxx/CVE-2007-4045.json | 250 ++++++------ 2007/4xxx/CVE-2007-4401.json | 180 ++++----- 2007/4xxx/CVE-2007-4717.json | 190 +++++----- 2007/4xxx/CVE-2007-4872.json | 210 +++++----- 2014/5xxx/CVE-2014-5130.json | 150 ++++---- 2014/5xxx/CVE-2014-5279.json | 120 +++--- 2014/5xxx/CVE-2014-5415.json | 130 +++---- 2015/2xxx/CVE-2015-2077.json | 240 ++++++------ 2015/2xxx/CVE-2015-2663.json | 130 +++---- 2015/2xxx/CVE-2015-2880.json | 120 +++--- 2015/2xxx/CVE-2015-2932.json | 180 ++++----- 2015/6xxx/CVE-2015-6141.json | 140 +++---- 2015/6xxx/CVE-2015-6158.json | 160 ++++---- 2015/6xxx/CVE-2015-6948.json | 130 +++---- 2015/6xxx/CVE-2015-6975.json | 180 ++++----- 2015/7xxx/CVE-2015-7284.json | 140 +++---- 2015/7xxx/CVE-2015-7409.json | 120 +++--- 2015/7xxx/CVE-2015-7685.json | 140 +++---- 2016/0xxx/CVE-2016-0344.json | 130 +++---- 2016/0xxx/CVE-2016-0951.json | 140 +++---- 2016/0xxx/CVE-2016-0956.json | 160 ++++---- 2016/1000xxx/CVE-2016-1000008.json | 34 +- 2016/1000xxx/CVE-2016-1000114.json | 140 +++---- 2016/10xxx/CVE-2016-10175.json | 160 ++++---- 2016/10xxx/CVE-2016-10288.json | 120 +++--- 2016/10xxx/CVE-2016-10384.json | 142 +++---- 2016/10xxx/CVE-2016-10696.json | 122 +++--- 2016/1xxx/CVE-2016-1102.json | 190 +++++----- 2016/1xxx/CVE-2016-1800.json | 150 ++++---- 2016/4xxx/CVE-2016-4028.json | 130 +++---- 2016/4xxx/CVE-2016-4386.json | 140 +++---- 2016/4xxx/CVE-2016-4470.json | 590 ++++++++++++++--------------- 2016/4xxx/CVE-2016-4908.json | 150 ++++---- 2019/3xxx/CVE-2019-3358.json | 34 +- 2019/3xxx/CVE-2019-3501.json | 140 +++---- 2019/3xxx/CVE-2019-3643.json | 34 +- 2019/3xxx/CVE-2019-3755.json | 34 +- 2019/4xxx/CVE-2019-4153.json | 34 +- 2019/4xxx/CVE-2019-4208.json | 34 +- 2019/6xxx/CVE-2019-6067.json | 34 +- 2019/6xxx/CVE-2019-6449.json | 34 +- 2019/6xxx/CVE-2019-6673.json | 34 +- 2019/6xxx/CVE-2019-6711.json | 34 +- 2019/6xxx/CVE-2019-6722.json | 34 +- 2019/7xxx/CVE-2019-7094.json | 34 +- 2019/7xxx/CVE-2019-7629.json | 140 +++---- 2019/8xxx/CVE-2019-8295.json | 34 +- 2019/8xxx/CVE-2019-8374.json | 34 +- 2019/8xxx/CVE-2019-8445.json | 34 +- 2019/9xxx/CVE-2019-9124.json | 120 +++--- 2019/9xxx/CVE-2019-9494.json | 34 +- 2019/9xxx/CVE-2019-9577.json | 34 +- 2019/9xxx/CVE-2019-9826.json | 34 +- 64 files changed, 4463 insertions(+), 4463 deletions(-) diff --git a/2007/0xxx/CVE-2007-0007.json b/2007/0xxx/CVE-2007-0007.json index 7458c849133..41cf17fa5be 100644 --- a/2007/0xxx/CVE-2007-0007.json +++ b/2007/0xxx/CVE-2007-0007.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446" - }, - { - "name" : "FEDORA-2007-256", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2725" - }, - { - "name" : "MDKSA-2007:046", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:046" - }, - { - "name" : "22610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22610" - }, - { - "name" : "ADV-2007-0653", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0653" - }, - { - "name" : "24225", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24225" - }, - { - "name" : "24226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24226" - }, - { - "name" : "24317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24317" - }, - { - "name" : "gnucash-symlink(32558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0653", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0653" + }, + { + "name": "FEDORA-2007-256", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2725" + }, + { + "name": "24225", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24225" + }, + { + "name": "24317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24317" + }, + { + "name": "22610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22610" + }, + { + "name": "24226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24226" + }, + { + "name": "MDKSA-2007:046", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:046" + }, + { + "name": "gnucash-symlink(32558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32558" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0071.json b/2007/0xxx/CVE-2007-0071.json index e6bacc78510..2e5cbf0bea9 100644 --- a/2007/0xxx/CVE-2007-0071.json +++ b/2007/0xxx/CVE-2007-0071.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080408 Adobe Flash Player Invalid Pointer Vulnerability", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/289.html" - }, - { - "name" : "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf", - "refsource" : "MISC", - "url" : "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf" - }, - { - "name" : "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/", - "refsource" : "MISC", - "url" : "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/" - }, - { - "name" : "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html", - "refsource" : "MISC", - "url" : "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=4465", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=4465" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-032/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-032/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-11.html" - }, - { - "name" : "APPLE-SA-2008-05-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" - }, - { - "name" : "GLSA-200804-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" - }, - { - "name" : "RHSA-2008:0221", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0221.html" - }, - { - "name" : "238305", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" - }, - { - "name" : "SUSE-SA:2008:022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" - }, - { - "name" : "TA08-100A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" - }, - { - "name" : "TA08-150A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" - }, - { - "name" : "TA08-149A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-149A.html" - }, - { - "name" : "VU#159523", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/159523" - }, - { - "name" : "VU#395473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/395473" - }, - { - "name" : "28695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28695" - }, - { - "name" : "29386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29386" - }, - { - "name" : "oval:org.mitre.oval:def:10379", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379" - }, - { - "name" : "ADV-2008-1662", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1662/references" - }, - { - "name" : "ADV-2008-1697", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1697" - }, - { - "name" : "ADV-2008-1724", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1724/references" - }, - { - "name" : "44282", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44282" - }, - { - "name" : "1019811", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019811" - }, - { - "name" : "1020114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020114" - }, - { - "name" : "29763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29763" - }, - { - "name" : "29865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29865" - }, - { - "name" : "30404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30404" - }, - { - "name" : "30430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30430" - }, - { - "name" : "30507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30507" - }, - { - "name" : "multimedia-file-integer-overflow(37277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020114" + }, + { + "name": "29865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29865" + }, + { + "name": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf", + "refsource": "MISC", + "url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf" + }, + { + "name": "30507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30507" + }, + { + "name": "29386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29386" + }, + { + "name": "TA08-149A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-149A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-11.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-11.html" + }, + { + "name": "ADV-2008-1724", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1724/references" + }, + { + "name": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/", + "refsource": "MISC", + "url": "http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/" + }, + { + "name": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html", + "refsource": "MISC", + "url": "http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html" + }, + { + "name": "RHSA-2008:0221", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0221.html" + }, + { + "name": "TA08-150A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" + }, + { + "name": "oval:org.mitre.oval:def:10379", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-032/" + }, + { + "name": "ADV-2008-1662", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1662/references" + }, + { + "name": "44282", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44282" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=4465", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=4465" + }, + { + "name": "30430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30430" + }, + { + "name": "APPLE-SA-2008-05-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" + }, + { + "name": "SUSE-SA:2008:022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html" + }, + { + "name": "28695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28695" + }, + { + "name": "29763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29763" + }, + { + "name": "1019811", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019811" + }, + { + "name": "238305", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1" + }, + { + "name": "GLSA-200804-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml" + }, + { + "name": "multimedia-file-integer-overflow(37277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37277" + }, + { + "name": "ADV-2008-1697", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1697" + }, + { + "name": "VU#159523", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/159523" + }, + { + "name": "TA08-100A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html" + }, + { + "name": "VU#395473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/395473" + }, + { + "name": "20080408 Adobe Flash Player Invalid Pointer Vulnerability", + "refsource": "ISS", + "url": "http://www.iss.net/threats/289.html" + }, + { + "name": "30404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30404" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0205.json b/2007/0xxx/CVE-2007-0205.json index 6a4952cff5a..b17aa1430f7 100644 --- a/2007/0xxx/CVE-2007-0205.json +++ b/2007/0xxx/CVE-2007-0205.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via \"..\" sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456218/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/20070107.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/20070107.txt" - }, - { - "name" : "3103", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3103" - }, - { - "name" : "21926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21926" - }, - { - "name" : "31708", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31708" - }, - { - "name" : "31709", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31709" - }, - { - "name" : "2135", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2135" - }, - { - "name" : "@lexguestbook-livreinclude-file-include(31397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via \"..\" sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://acid-root.new.fr/poc/20070107.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/20070107.txt" + }, + { + "name": "@lexguestbook-livreinclude-file-include(31397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31397" + }, + { + "name": "31709", + "refsource": "OSVDB", + "url": "http://osvdb.org/31709" + }, + { + "name": "2135", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2135" + }, + { + "name": "31708", + "refsource": "OSVDB", + "url": "http://osvdb.org/31708" + }, + { + "name": "21926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21926" + }, + { + "name": "20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456218/100/0/threaded" + }, + { + "name": "3103", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3103" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0224.json b/2007/0xxx/CVE-2007-0224.json index f0a9061c8c0..951e1e8ffaf 100644 --- a/2007/0xxx/CVE-2007-0224.json +++ b/2007/0xxx/CVE-2007-0224.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3115", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3115" - }, - { - "name" : "32732", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32732" - }, - { - "name" : "23699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23699" - }, - { - "name" : "vpasp-shopgift-sql-injection(31447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32732", + "refsource": "OSVDB", + "url": "http://osvdb.org/32732" + }, + { + "name": "vpasp-shopgift-sql-injection(31447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31447" + }, + { + "name": "23699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23699" + }, + { + "name": "3115", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3115" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0774.json b/2007/0xxx/CVE-2007-0774.json index 5251c49447b..01386d52c47 100644 --- a/2007/0xxx/CVE-2007-0774.json +++ b/2007/0xxx/CVE-2007-0774.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461734/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-008.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-008.html" - }, - { - "name" : "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html" - }, - { - "name" : "http://tomcat.apache.org/security-jk.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-jk.html" - }, - { - "name" : "20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a008093f040.shtml" - }, - { - "name" : "GLSA-200703-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200703-16.xml" - }, - { - "name" : "HPSBUX02262", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "SSRT071447", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "RHSA-2007:0096", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0096.html" - }, - { - "name" : "22791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22791" - }, - { - "name" : "oval:org.mitre.oval:def:5513", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5513" - }, - { - "name" : "ADV-2007-0809", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0809" - }, - { - "name" : "ADV-2007-3386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3386" - }, - { - "name" : "ADV-2008-0331", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0331" - }, - { - "name" : "1017719", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017719" - }, - { - "name" : "24398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24398" - }, - { - "name" : "24558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24558" - }, - { - "name" : "27037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27037" - }, - { - "name" : "28711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28711" - }, - { - "name" : "tomcat-mapuritoworker-bo(32794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html" + }, + { + "name": "RHSA-2007:0096", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0096.html" + }, + { + "name": "ADV-2007-0809", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0809" + }, + { + "name": "tomcat-mapuritoworker-bo(32794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32794" + }, + { + "name": "24558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24558" + }, + { + "name": "1017719", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017719" + }, + { + "name": "20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461734/100/0/threaded" + }, + { + "name": "24398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24398" + }, + { + "name": "20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008093f040.shtml" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-008.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-008.html" + }, + { + "name": "ADV-2007-3386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3386" + }, + { + "name": "oval:org.mitre.oval:def:5513", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5513" + }, + { + "name": "27037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27037" + }, + { + "name": "28711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28711" + }, + { + "name": "SSRT071447", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "HPSBUX02262", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "http://tomcat.apache.org/security-jk.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-jk.html" + }, + { + "name": "ADV-2008-0331", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0331" + }, + { + "name": "22791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22791" + }, + { + "name": "GLSA-200703-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-16.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1638.json b/2007/1xxx/CVE-2007-1638.json index f4b06dc12fe..7e168c97834 100644 --- a/2007/1xxx/CVE-2007-1638.json +++ b/2007/1xxx/CVE-2007-1638.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070314 n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462786/100/100/threaded" - }, - { - "name" : "http://www.nruns.de/security_advisory_phprojekt_csrf.php", - "refsource" : "MISC", - "url" : "http://www.nruns.de/security_advisory_phprojekt_csrf.php" - }, - { - "name" : "http://www.phprojekt.com/index.php?name=News&file=article&sid=276", - "refsource" : "CONFIRM", - "url" : "http://www.phprojekt.com/index.php?name=News&file=article&sid=276" - }, - { - "name" : "GLSA-200706-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-07.xml" - }, - { - "name" : "35162", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35162" - }, - { - "name" : "24509", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24509" - }, - { - "name" : "25748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25748" - }, - { - "name" : "2477", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2477" - }, - { - "name" : "phprojekt-multiple-modules-csrf(32989)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070314 n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462786/100/100/threaded" + }, + { + "name": "http://www.nruns.de/security_advisory_phprojekt_csrf.php", + "refsource": "MISC", + "url": "http://www.nruns.de/security_advisory_phprojekt_csrf.php" + }, + { + "name": "35162", + "refsource": "OSVDB", + "url": "http://osvdb.org/35162" + }, + { + "name": "24509", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24509" + }, + { + "name": "2477", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2477" + }, + { + "name": "http://www.phprojekt.com/index.php?name=News&file=article&sid=276", + "refsource": "CONFIRM", + "url": "http://www.phprojekt.com/index.php?name=News&file=article&sid=276" + }, + { + "name": "phprojekt-multiple-modules-csrf(32989)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32989" + }, + { + "name": "GLSA-200706-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml" + }, + { + "name": "25748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25748" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1872.json b/2007/1xxx/CVE-2007-1872.json index 72aca5c8daa..4805b2a5b2b 100644 --- a/2007/1xxx/CVE-2007-1872.json +++ b/2007/1xxx/CVE-2007-1872.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070411 CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465487/100/0/threaded" - }, - { - "name" : "http://int21.de/cve/CVE-2007-1872-toendacms.txt", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2007-1872-toendacms.txt" - }, - { - "name" : "23453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23453" - }, - { - "name" : "ADV-2007-1372", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1372" - }, - { - "name" : "34898", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34898" - }, - { - "name" : "24869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24869" - }, - { - "name" : "2568", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2568" - }, - { - "name" : "toendacms-search-xss(33622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34898", + "refsource": "OSVDB", + "url": "http://osvdb.org/34898" + }, + { + "name": "2568", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2568" + }, + { + "name": "24869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24869" + }, + { + "name": "ADV-2007-1372", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1372" + }, + { + "name": "toendacms-search-xss(33622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33622" + }, + { + "name": "20070411 CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465487/100/0/threaded" + }, + { + "name": "http://int21.de/cve/CVE-2007-1872-toendacms.txt", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2007-1872-toendacms.txt" + }, + { + "name": "23453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23453" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1900.json b/2007/1xxx/CVE-2007-1900.json index e65aa1106b6..5006f846749 100644 --- a/2007/1xxx/CVE-2007-1900.json +++ b/2007/1xxx/CVE-2007-1900.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/MOPB/PMOPB-45-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/PMOPB-45-2007.html" - }, - { - "name" : "http://www.php.net/releases/5_2_3.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_2_3.php" - }, - { - "name" : "DSA-1283", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1283" - }, - { - "name" : "FEDORA-2007-2215", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" - }, - { - "name" : "GLSA-200705-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200705-19.xml" - }, - { - "name" : "GLSA-200710-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" - }, - { - "name" : "HPSBUX02262", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "SSRT071447", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" - }, - { - "name" : "SSA:2007-152-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863" - }, - { - "name" : "SUSE-SA:2007:032", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_32_php.html" - }, - { - "name" : "2007-0023", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0023/" - }, - { - "name" : "USN-455-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-455-1" - }, - { - "name" : "23359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23359" - }, - { - "name" : "oval:org.mitre.oval:def:6067", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067" - }, - { - "name" : "ADV-2007-2016", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2016" - }, - { - "name" : "ADV-2007-3386", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3386" - }, - { - "name" : "33962", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33962" - }, - { - "name" : "24824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24824" - }, - { - "name" : "25062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25062" - }, - { - "name" : "25057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25057" - }, - { - "name" : "25056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25056" - }, - { - "name" : "25445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25445" - }, - { - "name" : "25535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25535" - }, - { - "name" : "26231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26231" - }, - { - "name" : "27037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27037" - }, - { - "name" : "27110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27110" - }, - { - "name" : "27102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27102" - }, - { - "name" : "php-filtervalidateemail-header-injection(33510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26231" + }, + { + "name": "25056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25056" + }, + { + "name": "27110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27110" + }, + { + "name": "DSA-1283", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1283" + }, + { + "name": "33962", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33962" + }, + { + "name": "GLSA-200705-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml" + }, + { + "name": "ADV-2007-2016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2016" + }, + { + "name": "php-filtervalidateemail-header-injection(33510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510" + }, + { + "name": "GLSA-200710-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" + }, + { + "name": "oval:org.mitre.oval:def:6067", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067" + }, + { + "name": "25062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25062" + }, + { + "name": "http://www.php-security.org/MOPB/PMOPB-45-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html" + }, + { + "name": "FEDORA-2007-2215", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html" + }, + { + "name": "24824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24824" + }, + { + "name": "2007-0023", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0023/" + }, + { + "name": "USN-455-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-455-1" + }, + { + "name": "ADV-2007-3386", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3386" + }, + { + "name": "27037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27037" + }, + { + "name": "SSA:2007-152-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863" + }, + { + "name": "http://www.php.net/releases/5_2_3.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_2_3.php" + }, + { + "name": "SSRT071447", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "HPSBUX02262", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795" + }, + { + "name": "25535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25535" + }, + { + "name": "27102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27102" + }, + { + "name": "25445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25445" + }, + { + "name": "23359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23359" + }, + { + "name": "25057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25057" + }, + { + "name": "SUSE-SA:2007:032", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3045.json b/2007/3xxx/CVE-2007-3045.json index 91b11bd16e4..f2c5f685cbc 100644 --- a/2007/3xxx/CVE-2007-3045.json +++ b/2007/3xxx/CVE-2007-3045.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html" - }, - { - "name" : "ADV-2007-2021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2021" - }, - { - "name" : "36825", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36825" - }, - { - "name" : "25511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25511" - }, - { - "name" : "hitachi-tp1netositp-dos(34661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36825", + "refsource": "OSVDB", + "url": "http://osvdb.org/36825" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html" + }, + { + "name": "ADV-2007-2021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2021" + }, + { + "name": "hitachi-tp1netositp-dos(34661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34661" + }, + { + "name": "25511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25511" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3048.json b/2007/3xxx/CVE-2007-3048.json index b5f98106e2f..3b9bd2e3a7f 100644 --- a/2007/3xxx/CVE-2007-3048.json +++ b/2007/3xxx/CVE-2007-3048.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070604 screen 4.0.3 local Authentication Bypass", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063710.html" - }, - { - "name" : "20070604 screen 4.0.3 local Authentication Bypass", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063706.html" - }, - { - "name" : "20070604 screen 4.0.3 local Authentication Bypass", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063728.html" - }, - { - "name" : "20070604 screen 4.0.3 local Authentication Bypass", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063721.html" - }, - { - "name" : "screen-password-authentication-bypass(34693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070604 screen 4.0.3 local Authentication Bypass", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063721.html" + }, + { + "name": "screen-password-authentication-bypass(34693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34693" + }, + { + "name": "20070604 screen 4.0.3 local Authentication Bypass", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063706.html" + }, + { + "name": "20070604 screen 4.0.3 local Authentication Bypass", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063710.html" + }, + { + "name": "20070604 screen 4.0.3 local Authentication Bypass", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063728.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3709.json b/2007/3xxx/CVE-2007-3709.json index 39dd734cb95..602c2bb3533 100644 --- a/2007/3xxx/CVE-2007-3709.json +++ b/2007/3xxx/CVE-2007-3709.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070708 CodeIgniter 1.5.3 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473190/100/0/threaded" - }, - { - "name" : "20070709 CodeIgniter 1.5.3 vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html" - }, - { - "name" : "39370", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39370" - }, - { - "name" : "2877", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39370", + "refsource": "OSVDB", + "url": "http://osvdb.org/39370" + }, + { + "name": "20070709 CodeIgniter 1.5.3 vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html" + }, + { + "name": "20070708 CodeIgniter 1.5.3 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473190/100/0/threaded" + }, + { + "name": "2877", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2877" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4045.json b/2007/4xxx/CVE-2007-4045.json index e3b89861214..21997297ef6 100644 --- a/2007/4xxx/CVE-2007-4045.json +++ b/2007/4xxx/CVE-2007-4045.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199195", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199195" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=250161", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=250161" - }, - { - "name" : "FEDORA-2007-3100", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html" - }, - { - "name" : "GLSA-200712-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml" - }, - { - "name" : "MDVSA-2008:036", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:036" - }, - { - "name" : "RHSA-2007:1022", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1022.html" - }, - { - "name" : "RHSA-2007:1023", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1023.html" - }, - { - "name" : "SUSE-SR:2007:014", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html" - }, - { - "name" : "26524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26524" - }, - { - "name" : "oval:org.mitre.oval:def:9303", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9303" - }, - { - "name" : "27577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27577" - }, - { - "name" : "27615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27615" - }, - { - "name" : "28113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27577" + }, + { + "name": "28113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28113" + }, + { + "name": "SUSE-SR:2007:014", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html" + }, + { + "name": "FEDORA-2007-3100", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199195", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199195" + }, + { + "name": "GLSA-200712-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml" + }, + { + "name": "RHSA-2007:1022", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1022.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm" + }, + { + "name": "26524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26524" + }, + { + "name": "27615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27615" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=250161", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250161" + }, + { + "name": "RHSA-2007:1023", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1023.html" + }, + { + "name": "MDVSA-2008:036", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:036" + }, + { + "name": "oval:org.mitre.oval:def:9303", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9303" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4401.json b/2007/4xxx/CVE-2007-4401.json index a8d5ff92e73..4fe355998e6 100644 --- a/2007/4xxx/CVE-2007-4401.json +++ b/2007/4xxx/CVE-2007-4401.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476283/100/0/threaded" - }, - { - "name" : "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html" - }, - { - "name" : "http://wouter.coekaerts.be/site/security/nowplaying", - "refsource" : "MISC", - "url" : "http://wouter.coekaerts.be/site/security/nowplaying" - }, - { - "name" : "25281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25281" - }, - { - "name" : "26491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26491" - }, - { - "name" : "3036", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3036" - }, - { - "name" : "irc-multiple-command-execution(35985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25281" + }, + { + "name": "3036", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3036" + }, + { + "name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html" + }, + { + "name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded" + }, + { + "name": "irc-multiple-command-execution(35985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985" + }, + { + "name": "http://wouter.coekaerts.be/site/security/nowplaying", + "refsource": "MISC", + "url": "http://wouter.coekaerts.be/site/security/nowplaying" + }, + { + "name": "26491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26491" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4717.json b/2007/4xxx/CVE-2007-4717.json index 2f64346af9f..42e328400ab 100644 --- a/2007/4xxx/CVE-2007-4717.json +++ b/2007/4xxx/CVE-2007-4717.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.claroline.net/forum/viewtopic.php?t=13448", - "refsource" : "CONFIRM", - "url" : "http://www.claroline.net/forum/viewtopic.php?t=13448" - }, - { - "name" : "http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security", - "refsource" : "CONFIRM", - "url" : "http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security" - }, - { - "name" : "25521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25521" - }, - { - "name" : "ADV-2007-3045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3045" - }, - { - "name" : "38925", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38925" - }, - { - "name" : "38926", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38926" - }, - { - "name" : "38927", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38927" - }, - { - "name" : "26685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.claroline.net/forum/viewtopic.php?t=13448", + "refsource": "CONFIRM", + "url": "http://www.claroline.net/forum/viewtopic.php?t=13448" + }, + { + "name": "38925", + "refsource": "OSVDB", + "url": "http://osvdb.org/38925" + }, + { + "name": "http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security", + "refsource": "CONFIRM", + "url": "http://www.claroline.net/wiki/index.php/Changelog_1.8.x#Security" + }, + { + "name": "38927", + "refsource": "OSVDB", + "url": "http://osvdb.org/38927" + }, + { + "name": "25521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25521" + }, + { + "name": "26685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26685" + }, + { + "name": "ADV-2007-3045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3045" + }, + { + "name": "38926", + "refsource": "OSVDB", + "url": "http://osvdb.org/38926" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4872.json b/2007/4xxx/CVE-2007-4872.json index 8a62b207613..bf9ed80b7f9 100644 --- a/2007/4xxx/CVE-2007-4872.json +++ b/2007/4xxx/CVE-2007-4872.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/480588/100/0/threaded" - }, - { - "name" : "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066052.html" - }, - { - "name" : "http://www.netvigilance.com/advisory0068", - "refsource" : "MISC", - "url" : "http://www.netvigilance.com/advisory0068" - }, - { - "name" : "http://forum.boesch-it.de/viewtopic.php?t=2791", - "refsource" : "CONFIRM", - "url" : "http://forum.boesch-it.de/viewtopic.php?t=2791" - }, - { - "name" : "43540", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43540" - }, - { - "name" : "43541", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43541" - }, - { - "name" : "43542", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43542" - }, - { - "name" : "43543", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43543" - }, - { - "name" : "3174", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3174" - }, - { - "name" : "simpnews-multiple-information-disclosure(36779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43541", + "refsource": "OSVDB", + "url": "http://osvdb.org/43541" + }, + { + "name": "http://forum.boesch-it.de/viewtopic.php?t=2791", + "refsource": "CONFIRM", + "url": "http://forum.boesch-it.de/viewtopic.php?t=2791" + }, + { + "name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066052.html" + }, + { + "name": "43540", + "refsource": "OSVDB", + "url": "http://osvdb.org/43540" + }, + { + "name": "simpnews-multiple-information-disclosure(36779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36779" + }, + { + "name": "20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/480588/100/0/threaded" + }, + { + "name": "3174", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3174" + }, + { + "name": "43543", + "refsource": "OSVDB", + "url": "http://osvdb.org/43543" + }, + { + "name": "http://www.netvigilance.com/advisory0068", + "refsource": "MISC", + "url": "http://www.netvigilance.com/advisory0068" + }, + { + "name": "43542", + "refsource": "OSVDB", + "url": "http://osvdb.org/43542" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5130.json b/2014/5xxx/CVE-2014-5130.json index 5b893927b05..ab4abc4d8ba 100644 --- a/2014/5xxx/CVE-2014-5130.json +++ b/2014/5xxx/CVE-2014-5130.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533345/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html" - }, - { - "name" : "69621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69621" - }, - { - "name" : "projectdox-cve20145130-unath-access(95735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avolve Software ProjectDox 8.1 allows remote authenticated users to obtain sensitive information from other users via vectors involving a direct access token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69621" + }, + { + "name": "20140903 Avolve Software ProjectDox Multiple Vulnerability Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533345/100/0/threaded" + }, + { + "name": "projectdox-cve20145130-unath-access(95735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95735" + }, + { + "name": "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128157/ProjectDox-8.1-XSS-User-Enumeration-Ciphertext-Reuse.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5279.json b/2014/5xxx/CVE-2014-5279.json index ccd82e4b402..ee62f235c1e 100644 --- a/2014/5xxx/CVE-2014-5279.json +++ b/2014/5xxx/CVE-2014-5279.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://groups.google.com/forum/#!msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5415.json b/2014/5xxx/CVE-2014-5415.json index 4b64f13f3fd..1571bf916e9 100644 --- a/2014/5xxx/CVE-2014-5415.json +++ b/2014/5xxx/CVE-2014-5415.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-5415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02" - }, - { - "name" : "93349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93349" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2077.json b/2015/2xxx/CVE-2015-2077.json index f7052c07872..f7f64c15a44 100644 --- a/2015/2xxx/CVE-2015-2077.json +++ b/2015/2xxx/CVE-2015-2077.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4", - "refsource" : "MISC", - "url" : "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4" - }, - { - "name" : "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4", - "refsource" : "MISC", - "url" : "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4" - }, - { - "name" : "http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/", - "refsource" : "MISC", - "url" : "http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/" - }, - { - "name" : "http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish", - "refsource" : "MISC", - "url" : "http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish" - }, - { - "name" : "http://www.wired.com/2015/02/lenovo-superfish/", - "refsource" : "MISC", - "url" : "http://www.wired.com/2015/02/lenovo-superfish/" - }, - { - "name" : "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/", - "refsource" : "MISC", - "url" : "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/" - }, - { - "name" : "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339", - "refsource" : "MISC", - "url" : "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339" - }, - { - "name" : "http://news.lenovo.com/article_display.cfm?article_id=1929", - "refsource" : "CONFIRM", - "url" : "http://news.lenovo.com/article_display.cfm?article_id=1929" - }, - { - "name" : "http://support.lenovo.com/us/en/product_security/superfish", - "refsource" : "CONFIRM", - "url" : "http://support.lenovo.com/us/en/product_security/superfish" - }, - { - "name" : "TA15-051A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA15-051A.html" - }, - { - "name" : "VU#529496", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/529496" - }, - { - "name" : "72693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72693" - }, - { - "name" : "1031779", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72693" + }, + { + "name": "TA15-051A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA15-051A.html" + }, + { + "name": "http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish", + "refsource": "MISC", + "url": "http://www.theguardian.com/technology/2015/feb/19/lenovo-accused-compromising-user-security-installing-adware-pcs-superfish" + }, + { + "name": "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4", + "refsource": "MISC", + "url": "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4" + }, + { + "name": "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4", + "refsource": "MISC", + "url": "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4" + }, + { + "name": "1031779", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031779" + }, + { + "name": "VU#529496", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/529496" + }, + { + "name": "http://www.wired.com/2015/02/lenovo-superfish/", + "refsource": "MISC", + "url": "http://www.wired.com/2015/02/lenovo-superfish/" + }, + { + "name": "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339", + "refsource": "MISC", + "url": "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339" + }, + { + "name": "http://support.lenovo.com/us/en/product_security/superfish", + "refsource": "CONFIRM", + "url": "http://support.lenovo.com/us/en/product_security/superfish" + }, + { + "name": "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/", + "refsource": "MISC", + "url": "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/" + }, + { + "name": "http://news.lenovo.com/article_display.cfm?article_id=1929", + "refsource": "CONFIRM", + "url": "http://news.lenovo.com/article_display.cfm?article_id=1929" + }, + { + "name": "http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/", + "refsource": "MISC", + "url": "http://marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2663.json b/2015/2xxx/CVE-2015-2663.json index 7e0387a4252..b8679d0fada 100644 --- a/2015/2xxx/CVE-2015-2663.json +++ b/2015/2xxx/CVE-2015-2663.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Business Process Automation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032915", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Business Process Automation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032915", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032915" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2880.json b/2015/2xxx/CVE-2015-2880.json index ec34b9d9594..a8cc32375a9 100644 --- a/2015/2xxx/CVE-2015-2880.json +++ b/2015/2xxx/CVE-2015-2880.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2015-2880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TRENDnet WiFi Baby Cam TV-IP743SIC", - "version" : { - "version_data" : [ - { - "version_value" : "TRENDnet WiFi Baby Cam TV-IP743SIC" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "backdoor" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TRENDnet WiFi Baby Cam TV-IP743SIC", + "version": { + "version_data": [ + { + "version_value": "TRENDnet WiFi Baby Cam TV-IP743SIC" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "backdoor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2932.json b/2015/2xxx/CVE-2015-2932.json index 52ff3ca80e0..e664521ef54 100644 --- a/2015/2xxx/CVE-2015-2932.json +++ b/2015/2xxx/CVE-2015-2932.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", - "refsource" : "MLIST", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" - }, - { - "name" : "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/01/1" - }, - { - "name" : "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/07/3" - }, - { - "name" : "https://phabricator.wikimedia.org/T86711", - "refsource" : "CONFIRM", - "url" : "https://phabricator.wikimedia.org/T86711" - }, - { - "name" : "GLSA-201510-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-05" - }, - { - "name" : "MDVSA-2015:200", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200" - }, - { - "name" : "73477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201510-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-05" + }, + { + "name": "MDVSA-2015:200", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200" + }, + { + "name": "73477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73477" + }, + { + "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3" + }, + { + "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1" + }, + { + "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", + "refsource": "MLIST", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" + }, + { + "name": "https://phabricator.wikimedia.org/T86711", + "refsource": "CONFIRM", + "url": "https://phabricator.wikimedia.org/T86711" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6141.json b/2015/6xxx/CVE-2015-6141.json index 0d3fc7e68ca..2fac3191255 100644 --- a/2015/6xxx/CVE-2015-6141.json +++ b/2015/6xxx/CVE-2015-6141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6134." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-585", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-585" - }, - { - "name" : "MS15-124", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124" - }, - { - "name" : "1034315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6134." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-585", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-585" + }, + { + "name": "1034315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034315" + }, + { + "name": "MS15-124", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6158.json b/2015/6xxx/CVE-2015-6158.json index 5572c99957e..6e83b8eb290 100644 --- a/2015/6xxx/CVE-2015-6158.json +++ b/2015/6xxx/CVE-2015-6158.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6159, and CVE-2015-6160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160101 Microsoft Internet Explorer and Edge \"Layout_MultiColumnBoxBuilder\" Type Confusion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1214" - }, - { - "name" : "MS15-124", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124" - }, - { - "name" : "MS15-125", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125" - }, - { - "name" : "1034315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034315" - }, - { - "name" : "1034316", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6159, and CVE-2015-6160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034315" + }, + { + "name": "MS15-124", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124" + }, + { + "name": "MS15-125", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125" + }, + { + "name": "1034316", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034316" + }, + { + "name": "20160101 Microsoft Internet Explorer and Edge \"Layout_MultiColumnBoxBuilder\" Type Confusion Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1214" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6948.json b/2015/6xxx/CVE-2015-6948.json index cb66977e1be..55937de4d57 100644 --- a/2015/6xxx/CVE-2015-6948.json +++ b/2015/6xxx/CVE-2015-6948.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-410", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-410" - }, - { - "name" : "1033559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033559" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-410", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-410" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6975.json b/2015/6xxx/CVE-2015-6975.json index 063e9190916..148d03b703f 100644 --- a/2015/6xxx/CVE-2015-6975.json +++ b/2015/6xxx/CVE-2015-6975.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-6975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205370", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205370" - }, - { - "name" : "https://support.apple.com/HT205372", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205372" - }, - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "APPLE-SA-2015-10-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-10-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" - }, - { - "name" : "1033929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "APPLE-SA-2015-10-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + }, + { + "name": "https://support.apple.com/HT205370", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205370" + }, + { + "name": "https://support.apple.com/HT205372", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205372" + }, + { + "name": "APPLE-SA-2015-10-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" + }, + { + "name": "1033929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033929" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7284.json b/2015/7xxx/CVE-2015-7284.json index 6a799e86cad..bae0d0d0705 100644 --- a/2015/7xxx/CVE-2015-7284.json +++ b/2015/7xxx/CVE-2015-7284.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#330000", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/330000" - }, - { - "name" : "78819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78819" - }, - { - "name" : "1034554", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034554", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034554" + }, + { + "name": "78819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78819" + }, + { + "name": "VU#330000", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/330000" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7409.json b/2015/7xxx/CVE-2015-7409.json index 21a3d5a7349..8f5c9f049a3 100644 --- a/2015/7xxx/CVE-2015-7409.json +++ b/2015/7xxx/CVE-2015-7409.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-7409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973175", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973175", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973175" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7685.json b/2015/7xxx/CVE-2015-7685.json index 6d9b5f3c053..7b9de49904b 100644 --- a/2015/7xxx/CVE-2015-7685.json +++ b/2015/7xxx/CVE-2015-7685.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150217 [CVE-REQUEST] Multiple vulnerabilities on GLPI", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/71" - }, - { - "name" : "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338", - "refsource" : "CONFIRM", - "url" : "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338" - }, - { - "name" : "https://forge.glpi-project.org/issues/5218", - "refsource" : "CONFIRM", - "url" : "https://forge.glpi-project.org/issues/5218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forge.glpi-project.org/issues/5218", + "refsource": "CONFIRM", + "url": "https://forge.glpi-project.org/issues/5218" + }, + { + "name": "20150217 [CVE-REQUEST] Multiple vulnerabilities on GLPI", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/71" + }, + { + "name": "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338", + "refsource": "CONFIRM", + "url": "http://www.glpi-project.org/spip.php?page=annonce&id_breve=338" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0344.json b/2016/0xxx/CVE-2016-0344.json index 3a16ffbbd68..bd9a637adb1 100644 --- a/2016/0xxx/CVE-2016-0344.json +++ b/2016/0xxx/CVE-2016-0344.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980234", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980234" - }, - { - "name" : "ibm-tririga-cve20160344-xss(111785)", - "refsource" : "XF", - "url" : "http://exchange.xforce.ibmcloud.com/vulnerabilities/111785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980234", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980234" + }, + { + "name": "ibm-tririga-cve20160344-xss(111785)", + "refsource": "XF", + "url": "http://exchange.xforce.ibmcloud.com/vulnerabilities/111785" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0951.json b/2016/0xxx/CVE-2016-0951.json index 0c9fdacc52f..7d309e166df 100644 --- a/2016/0xxx/CVE-2016-0951.json +++ b/2016/0xxx/CVE-2016-0951.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39429", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39429/" - }, - { - "name" : "https://helpx.adobe.com/security/products/photoshop/apsb16-03.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/photoshop/apsb16-03.html" - }, - { - "name" : "1034979", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/photoshop/apsb16-03.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/photoshop/apsb16-03.html" + }, + { + "name": "1034979", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034979" + }, + { + "name": "39429", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39429/" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0956.json b/2016/0xxx/CVE-2016-0956.json index 2802e8b04fe..ddb3b2005f1 100644 --- a/2016/0xxx/CVE-2016-0956.json +++ b/2016/0xxx/CVE-2016-0956.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537498/100/0/threaded" - }, - { - "name" : "39435", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39435/" - }, - { - "name" : "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Feb/48" - }, - { - "name" : "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160210 Apache Sling Framework v2.3.6 (Adobe AEM) [CVE-2016-0956] - Information Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Feb/48" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html" + }, + { + "name": "20160210 Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537498/100/0/threaded" + }, + { + "name": "39435", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39435/" + }, + { + "name": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000008.json b/2016/1000xxx/CVE-2016-1000008.json index 9045b38464a..7f37a302ce5 100644 --- a/2016/1000xxx/CVE-2016-1000008.json +++ b/2016/1000xxx/CVE-2016-1000008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000114.json b/2016/1000xxx/CVE-2016-1000114.json index fc695d04521..32ef1b0e8ea 100644 --- a/2016/1000xxx/CVE-2016-1000114.json +++ b/2016/1000xxx/CVE-2016-1000114.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS in huge IT gallery v1.1.5 for Joomla" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro", - "refsource" : "MISC", - "url" : "http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=164", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=164" - }, - { - "name" : "92102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in huge IT gallery v1.1.5 for Joomla" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=164", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=164" + }, + { + "name": "http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro", + "refsource": "MISC", + "url": "http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro" + }, + { + "name": "92102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92102" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10175.json b/2016/10xxx/CVE-2016-10175.json index 35f1fc4da2c..176d2e9ed34 100644 --- a/2016/10xxx/CVE-2016-10175.json +++ b/2016/10xxx/CVE-2016-10175.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40949", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40949/" - }, - { - "name" : "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability", - "refsource" : "MISC", - "url" : "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability" - }, - { - "name" : "http://seclists.org/fulldisclosure/2016/Dec/72", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2016/Dec/72" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt" - }, - { - "name" : "95867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2016/Dec/72", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2016/Dec/72" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt" + }, + { + "name": "95867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95867" + }, + { + "name": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability", + "refsource": "MISC", + "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability" + }, + { + "name": "40949", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40949/" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10288.json b/2016/10xxx/CVE-2016-10288.json index b4a56715db2..e1a2f99ec46 100644 --- a/2016/10xxx/CVE-2016-10288.json +++ b/2016/10xxx/CVE-2016-10288.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10384.json b/2016/10xxx/CVE-2016-10384.json index b237cac4e0d..10f431307bd 100644 --- a/2016/10xxx/CVE-2016-10384.json +++ b/2016/10xxx/CVE-2016-10384.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reachable Assertion in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reachable Assertion in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10696.json b/2016/10xxx/CVE-2016-10696.json index 34cf19d6f27..3b6b467799b 100644 --- a/2016/10xxx/CVE-2016-10696.json +++ b/2016/10xxx/CVE-2016-10696.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "windows-latestchromedriver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "windows-latestchromedriver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/295", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/295", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/295" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1102.json b/2016/1xxx/CVE-2016-1102.json index a3744e5b514..7be8dacd3a2 100644 --- a/2016/1xxx/CVE-2016-1102.json +++ b/2016/1xxx/CVE-2016-1102.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39824", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39824/" - }, - { - "name" : "http://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "MS16-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "SUSE-SU-2016:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" - }, - { - "name" : "90618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90618" - }, - { - "name" : "1035827", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39824", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39824/" + }, + { + "name": "SUSE-SU-2016:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" + }, + { + "name": "90618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90618" + }, + { + "name": "1035827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035827" + }, + { + "name": "MS16-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + }, + { + "name": "http://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1800.json b/2016/1xxx/CVE-2016-1800.json index 4ea829d55ec..0df335af725 100644 --- a/2016/1xxx/CVE-2016-1800.json +++ b/2016/1xxx/CVE-2016-1800.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206567", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206567" - }, - { - "name" : "APPLE-SA-2016-05-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" - }, - { - "name" : "90696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90696" - }, - { - "name" : "1035895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT206567", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206567" + }, + { + "name": "APPLE-SA-2016-05-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html" + }, + { + "name": "90696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90696" + }, + { + "name": "1035895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035895" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4028.json b/2016/4xxx/CVE-2016-4028.json index fc1e3a921ee..a4c782515c9 100644 --- a/2016/4xxx/CVE-2016-4028.json +++ b/2016/4xxx/CVE-2016-4028.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's \"OxReaderID\" cookie and the value of the \"auth\" parameter needs to be known to the attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160622 Open-Xchange Security Advisory 2016-06-22", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538732/100/0/threaded" - }, - { - "name" : "1036154", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's \"OxReaderID\" cookie and the value of the \"auth\" parameter needs to be known to the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036154", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036154" + }, + { + "name": "20160622 Open-Xchange Security Advisory 2016-06-22", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538732/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4386.json b/2016/4xxx/CVE-2016-4386.json index 4e7012553f7..f8c97aaace9 100644 --- a/2016/4xxx/CVE-2016-4386.json +++ b/2016/4xxx/CVE-2016-4386.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05281739", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05281739" - }, - { - "name" : "93218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93218" - }, - { - "name" : "1036929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05281739", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05281739" + }, + { + "name": "93218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93218" + }, + { + "name": "1036929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036929" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4470.json b/2016/4xxx/CVE-2016-4470.json index 04a0cf6f1e8..12d5758afe2 100644 --- a/2016/4xxx/CVE-2016-4470.json +++ b/2016/4xxx/CVE-2016-4470.json @@ -1,297 +1,297 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/15/11" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1341716", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1341716" - }, - { - "name" : "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "RHSA-2016:1532", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1532.html" - }, - { - "name" : "RHSA-2016:1539", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1539.html" - }, - { - "name" : "RHSA-2016:1541", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1541.html" - }, - { - "name" : "RHSA-2016:1657", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1657.html" - }, - { - "name" : "RHSA-2016:2006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2006.html" - }, - { - "name" : "RHSA-2016:2074", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2074.html" - }, - { - "name" : "RHSA-2016:2076", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2076.html" - }, - { - "name" : "RHSA-2016:2128", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2128.html" - }, - { - "name" : "RHSA-2016:2133", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2133.html" - }, - { - "name" : "SUSE-SU-2016:1937", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2016:1998", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html" - }, - { - "name" : "SUSE-SU-2016:1999", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html" - }, - { - "name" : "SUSE-SU-2016:2018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:1985", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" - }, - { - "name" : "SUSE-SU-2016:2000", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" - }, - { - "name" : "SUSE-SU-2016:2001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2016:2002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" - }, - { - "name" : "SUSE-SU-2016:2003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" - }, - { - "name" : "SUSE-SU-2016:2006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" - }, - { - "name" : "SUSE-SU-2016:2007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:2010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:2011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" - }, - { - "name" : "SUSE-SU-2016:1961", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2016:1994", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:1995", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" - }, - { - "name" : "SUSE-SU-2016:2005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" - }, - { - "name" : "SUSE-SU-2016:2009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" - }, - { - "name" : "SUSE-SU-2016:2014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" - }, - { - "name" : "SUSE-SU-2016:2105", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:2184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" - }, - { - "name" : "USN-3049-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3049-1" - }, - { - "name" : "USN-3050-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3050-1" - }, - { - "name" : "USN-3051-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3051-1" - }, - { - "name" : "USN-3052-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3052-1" - }, - { - "name" : "USN-3053-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3053-1" - }, - { - "name" : "USN-3054-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3054-1" - }, - { - "name" : "USN-3055-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3055-1" - }, - { - "name" : "USN-3056-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3056-1" - }, - { - "name" : "USN-3057-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3057-1" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "SUSE-SU-2016:2010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" + }, + { + "name": "SUSE-SU-2016:2011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" + }, + { + "name": "USN-3054-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3054-1" + }, + { + "name": "SUSE-SU-2016:2003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" + }, + { + "name": "RHSA-2016:1657", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html" + }, + { + "name": "SUSE-SU-2016:1994", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" + }, + { + "name": "USN-3051-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3051-1" + }, + { + "name": "RHSA-2016:2128", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html" + }, + { + "name": "SUSE-SU-2016:1961", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" + }, + { + "name": "RHSA-2016:2133", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "SUSE-SU-2016:2001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" + }, + { + "name": "SUSE-SU-2016:1985", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" + }, + { + "name": "USN-3053-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3053-1" + }, + { + "name": "openSUSE-SU-2016:2184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html" + }, + { + "name": "SUSE-SU-2016:1998", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html" + }, + { + "name": "USN-3055-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3055-1" + }, + { + "name": "SUSE-SU-2016:2006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" + }, + { + "name": "USN-3056-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3056-1" + }, + { + "name": "USN-3052-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3052-1" + }, + { + "name": "USN-3049-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3049-1" + }, + { + "name": "RHSA-2016:1541", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html" + }, + { + "name": "SUSE-SU-2016:2014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" + }, + { + "name": "SUSE-SU-2016:2018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "RHSA-2016:1539", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "RHSA-2016:1532", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html" + }, + { + "name": "RHSA-2016:2006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html" + }, + { + "name": "SUSE-SU-2016:2009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a" + }, + { + "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716" + }, + { + "name": "USN-3050-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3050-1" + }, + { + "name": "SUSE-SU-2016:2005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" + }, + { + "name": "SUSE-SU-2016:2007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" + }, + { + "name": "SUSE-SU-2016:1999", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html" + }, + { + "name": "SUSE-SU-2016:2000", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" + }, + { + "name": "RHSA-2016:2076", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html" + }, + { + "name": "USN-3057-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3057-1" + }, + { + "name": "SUSE-SU-2016:1995", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" + }, + { + "name": "RHSA-2016:2074", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html" + }, + { + "name": "SUSE-SU-2016:2105", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html" + }, + { + "name": "SUSE-SU-2016:2002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a" + }, + { + "name": "SUSE-SU-2016:1937", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4908.json b/2016/4xxx/CVE-2016-4908.json index 290187f087a..0e7486b39c1 100644 --- a/2016/4xxx/CVE-2016-4908.json +++ b/2016/4xxx/CVE-2016-4908.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2016-4908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 4.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9399", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/9399" - }, - { - "name" : "JVN#14631222", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN14631222/index.html" - }, - { - "name" : "94966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94966" - }, - { - "name" : "97912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#14631222", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN14631222/index.html" + }, + { + "name": "97912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97912" + }, + { + "name": "94966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94966" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/9399", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/9399" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3358.json b/2019/3xxx/CVE-2019-3358.json index f8547fe66d0..c9cec582ad0 100644 --- a/2019/3xxx/CVE-2019-3358.json +++ b/2019/3xxx/CVE-2019-3358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3358", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3358", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3501.json b/2019/3xxx/CVE-2019-3501.json index 4b562014c30..0a3e0f162d9 100644 --- a/2019/3xxx/CVE-2019-3501.json +++ b/2019/3xxx/CVE-2019-3501.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46080", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46080/" - }, - { - "name" : "https://github.com/Sama34/OUGC-Awards/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/Sama34/OUGC-Awards/issues/29" - }, - { - "name" : "https://github.com/Sama34/OUGC-Awards/pull/31", - "refsource" : "MISC", - "url" : "https://github.com/Sama34/OUGC-Awards/pull/31" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46080", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46080/" + }, + { + "name": "https://github.com/Sama34/OUGC-Awards/pull/31", + "refsource": "MISC", + "url": "https://github.com/Sama34/OUGC-Awards/pull/31" + }, + { + "name": "https://github.com/Sama34/OUGC-Awards/issues/29", + "refsource": "MISC", + "url": "https://github.com/Sama34/OUGC-Awards/issues/29" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3643.json b/2019/3xxx/CVE-2019-3643.json index 395a192526c..67b798582a0 100644 --- a/2019/3xxx/CVE-2019-3643.json +++ b/2019/3xxx/CVE-2019-3643.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3643", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3643", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3755.json b/2019/3xxx/CVE-2019-3755.json index dfbc7c2a094..81986a96fd9 100644 --- a/2019/3xxx/CVE-2019-3755.json +++ b/2019/3xxx/CVE-2019-3755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4153.json b/2019/4xxx/CVE-2019-4153.json index 7997955a9c9..bb1b3307b94 100644 --- a/2019/4xxx/CVE-2019-4153.json +++ b/2019/4xxx/CVE-2019-4153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4208.json b/2019/4xxx/CVE-2019-4208.json index 3e2e069ffde..d03ca7bff6b 100644 --- a/2019/4xxx/CVE-2019-4208.json +++ b/2019/4xxx/CVE-2019-4208.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4208", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4208", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6067.json b/2019/6xxx/CVE-2019-6067.json index d2235ad5f9f..9daac671ee9 100644 --- a/2019/6xxx/CVE-2019-6067.json +++ b/2019/6xxx/CVE-2019-6067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6449.json b/2019/6xxx/CVE-2019-6449.json index a36d2683690..0a316893269 100644 --- a/2019/6xxx/CVE-2019-6449.json +++ b/2019/6xxx/CVE-2019-6449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6673.json b/2019/6xxx/CVE-2019-6673.json index ebef2971ab5..857ec63e921 100644 --- a/2019/6xxx/CVE-2019-6673.json +++ b/2019/6xxx/CVE-2019-6673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6711.json b/2019/6xxx/CVE-2019-6711.json index 1f5112fd3f5..b91ecb8cc64 100644 --- a/2019/6xxx/CVE-2019-6711.json +++ b/2019/6xxx/CVE-2019-6711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6722.json b/2019/6xxx/CVE-2019-6722.json index 1b7aed4bcf9..ccce53f0000 100644 --- a/2019/6xxx/CVE-2019-6722.json +++ b/2019/6xxx/CVE-2019-6722.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6722", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6722", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7094.json b/2019/7xxx/CVE-2019-7094.json index e9008bfc46e..a36a12edcbe 100644 --- a/2019/7xxx/CVE-2019-7094.json +++ b/2019/7xxx/CVE-2019-7094.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7629.json b/2019/7xxx/CVE-2019-7629.json index 193d49eef6a..0085faedf58 100644 --- a/2019/7xxx/CVE-2019-7629.json +++ b/2019/7xxx/CVE-2019-7629.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505", - "refsource" : "MISC", - "url" : "https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505" - }, - { - "name" : "https://tintin.sourceforge.io/news.php", - "refsource" : "MISC", - "url" : "https://tintin.sourceforge.io/news.php" - }, - { - "name" : "https://trustfoundry.net/cve-2019-7629-rce-in-an-open-source-mud-client/", - "refsource" : "MISC", - "url" : "https://trustfoundry.net/cve-2019-7629-rce-in-an-open-source-mud-client/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505", + "refsource": "MISC", + "url": "https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505" + }, + { + "name": "https://tintin.sourceforge.io/news.php", + "refsource": "MISC", + "url": "https://tintin.sourceforge.io/news.php" + }, + { + "name": "https://trustfoundry.net/cve-2019-7629-rce-in-an-open-source-mud-client/", + "refsource": "MISC", + "url": "https://trustfoundry.net/cve-2019-7629-rce-in-an-open-source-mud-client/" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8295.json b/2019/8xxx/CVE-2019-8295.json index 6145a1f8326..ed3e5feff74 100644 --- a/2019/8xxx/CVE-2019-8295.json +++ b/2019/8xxx/CVE-2019-8295.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8295", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8295", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8374.json b/2019/8xxx/CVE-2019-8374.json index d57fbd84b9f..1636438aade 100644 --- a/2019/8xxx/CVE-2019-8374.json +++ b/2019/8xxx/CVE-2019-8374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8445.json b/2019/8xxx/CVE-2019-8445.json index e4ce42ec043..ad672c9645f 100644 --- a/2019/8xxx/CVE-2019-8445.json +++ b/2019/8xxx/CVE-2019-8445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9124.json b/2019/9xxx/CVE-2019-9124.json index 01d0e1c700e..c81d97d7a67 100644 --- a/2019/9xxx/CVE-2019-9124.json +++ b/2019/9xxx/CVE-2019-9124.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/blankpassword.md", - "refsource" : "MISC", - "url" : "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/blankpassword.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/blankpassword.md", + "refsource": "MISC", + "url": "https://github.com/WhooAmii/whooamii.github.io/blob/master/2018/DIR-878/blankpassword.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9494.json b/2019/9xxx/CVE-2019-9494.json index 9aeddbc776a..ae8591106e4 100644 --- a/2019/9xxx/CVE-2019-9494.json +++ b/2019/9xxx/CVE-2019-9494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9577.json b/2019/9xxx/CVE-2019-9577.json index 44bfcc850b5..fd1957768a3 100644 --- a/2019/9xxx/CVE-2019-9577.json +++ b/2019/9xxx/CVE-2019-9577.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9577", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9577", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9826.json b/2019/9xxx/CVE-2019-9826.json index 993c670e31c..7123dec6207 100644 --- a/2019/9xxx/CVE-2019-9826.json +++ b/2019/9xxx/CVE-2019-9826.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9826", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9826", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file