From 71ae3b37ecfc8e6488e02b23ded6f86dc1de53f1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:44:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0086.json | 160 ++++++------ 2007/0xxx/CVE-2007-0256.json | 170 ++++++------ 2007/1xxx/CVE-2007-1011.json | 170 ++++++------ 2007/1xxx/CVE-2007-1440.json | 160 ++++++------ 2007/1xxx/CVE-2007-1538.json | 180 ++++++------- 2007/1xxx/CVE-2007-1619.json | 170 ++++++------ 2007/1xxx/CVE-2007-1626.json | 150 +++++------ 2007/4xxx/CVE-2007-4938.json | 190 +++++++------- 2007/5xxx/CVE-2007-5313.json | 160 ++++++------ 2015/2xxx/CVE-2015-2061.json | 140 +++++----- 2015/2xxx/CVE-2015-2066.json | 150 +++++------ 2015/3xxx/CVE-2015-3096.json | 190 +++++++------- 2015/3xxx/CVE-2015-3225.json | 220 ++++++++-------- 2015/3xxx/CVE-2015-3290.json | 260 +++++++++---------- 2015/3xxx/CVE-2015-3345.json | 150 +++++------ 2015/6xxx/CVE-2015-6118.json | 130 +++++----- 2015/6xxx/CVE-2015-6127.json | 150 +++++------ 2015/6xxx/CVE-2015-6206.json | 34 +-- 2015/6xxx/CVE-2015-6638.json | 130 +++++----- 2015/7xxx/CVE-2015-7011.json | 170 ++++++------ 2015/7xxx/CVE-2015-7177.json | 310 +++++++++++----------- 2015/7xxx/CVE-2015-7451.json | 120 ++++----- 2015/7xxx/CVE-2015-7763.json | 160 ++++++------ 2015/7xxx/CVE-2015-7837.json | 170 ++++++------ 2015/8xxx/CVE-2015-8710.json | 200 +++++++-------- 2016/0xxx/CVE-2016-0029.json | 130 +++++----- 2016/0xxx/CVE-2016-0313.json | 120 ++++----- 2016/0xxx/CVE-2016-0505.json | 330 ++++++++++++------------ 2016/1000xxx/CVE-2016-1000157.json | 34 +-- 2016/1xxx/CVE-2016-1735.json | 140 +++++----- 2016/1xxx/CVE-2016-1912.json | 160 ++++++------ 2016/1xxx/CVE-2016-1952.json | 400 ++++++++++++++--------------- 2016/1xxx/CVE-2016-1998.json | 120 ++++----- 2016/4xxx/CVE-2016-4188.json | 180 ++++++------- 2016/4xxx/CVE-2016-4226.json | 200 +++++++-------- 2016/4xxx/CVE-2016-4466.json | 34 +-- 2016/4xxx/CVE-2016-4851.json | 140 +++++----- 2016/5xxx/CVE-2016-5399.json | 260 +++++++++---------- 2019/0xxx/CVE-2019-0245.json | 226 ++++++++-------- 2019/0xxx/CVE-2019-0482.json | 34 +-- 2019/0xxx/CVE-2019-0673.json | 204 +++++++-------- 2019/0xxx/CVE-2019-0693.json | 34 +-- 2019/1003xxx/CVE-2019-1003034.json | 124 ++++----- 2019/1xxx/CVE-2019-1064.json | 34 +-- 2019/1xxx/CVE-2019-1214.json | 34 +-- 2019/3xxx/CVE-2019-3057.json | 34 +-- 2019/3xxx/CVE-2019-3710.json | 34 +-- 2019/3xxx/CVE-2019-3724.json | 34 +-- 2019/3xxx/CVE-2019-3844.json | 34 +-- 2019/4xxx/CVE-2019-4041.json | 34 +-- 2019/4xxx/CVE-2019-4118.json | 34 +-- 2019/4xxx/CVE-2019-4177.json | 34 +-- 2019/4xxx/CVE-2019-4891.json | 34 +-- 2019/8xxx/CVE-2019-8387.json | 34 +-- 2019/8xxx/CVE-2019-8765.json | 34 +-- 2019/9xxx/CVE-2019-9023.json | 220 ++++++++-------- 2019/9xxx/CVE-2019-9165.json | 34 +-- 2019/9xxx/CVE-2019-9529.json | 34 +-- 2019/9xxx/CVE-2019-9639.json | 130 +++++----- 59 files changed, 3945 insertions(+), 3945 deletions(-) diff --git a/2007/0xxx/CVE-2007-0086.json b/2007/0xxx/CVE-2007-0086.json index 4d7c18f61f2..a90e5ea4d86 100644 --- a/2007/0xxx/CVE-2007-0086.json +++ b/2007/0xxx/CVE-2007-0086.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070103 a cheesy Apache / IIS DoS vuln (+a question)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455833/100/0/threaded" - }, - { - "name" : "20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455879/100/0/threaded" - }, - { - "name" : "20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455920/100/0/threaded" - }, - { - "name" : "20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455882/100/0/threaded" - }, - { - "name" : "33456", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33456", + "refsource": "OSVDB", + "url": "http://osvdb.org/33456" + }, + { + "name": "20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455920/100/0/threaded" + }, + { + "name": "20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455879/100/0/threaded" + }, + { + "name": "20070103 a cheesy Apache / IIS DoS vuln (+a question)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455833/100/0/threaded" + }, + { + "name": "20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455882/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0256.json b/2007/0xxx/CVE-2007-0256.json index 848af3396c9..1c61c6f04f4 100644 --- a/2007/0xxx/CVE-2007-0256.json +++ b/2007/0xxx/CVE-2007-0256.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" - }, - { - "name" : "http://wiki.videolan.org/Changelog/0.8.6b", - "refsource" : "CONFIRM", - "url" : "http://wiki.videolan.org/Changelog/0.8.6b" - }, - { - "name" : "22003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22003" - }, - { - "name" : "39022", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39022" - }, - { - "name" : "oval:org.mitre.oval:def:14698", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" - }, - { - "name" : "vlcmediaplayer-wmv-dos(31515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22003" + }, + { + "name": "39022", + "refsource": "OSVDB", + "url": "http://osvdb.org/39022" + }, + { + "name": "oval:org.mitre.oval:def:14698", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" + }, + { + "name": "http://wiki.videolan.org/Changelog/0.8.6b", + "refsource": "CONFIRM", + "url": "http://wiki.videolan.org/Changelog/0.8.6b" + }, + { + "name": "vlcmediaplayer-wmv-dos(31515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1011.json b/2007/1xxx/CVE-2007-1011.json index a6aee7459e9..d7d958c0261 100644 --- a/2007/1xxx/CVE-2007-1011.json +++ b/2007/1xxx/CVE-2007-1011.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3328", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3328" - }, - { - "name" : "22605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22605" - }, - { - "name" : "ADV-2007-0646", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0646" - }, - { - "name" : "33223", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33223" - }, - { - "name" : "24182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24182" - }, - { - "name" : "vsgastebuch-functions-file-include(32555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24182" + }, + { + "name": "33223", + "refsource": "OSVDB", + "url": "http://osvdb.org/33223" + }, + { + "name": "22605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22605" + }, + { + "name": "ADV-2007-0646", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0646" + }, + { + "name": "3328", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3328" + }, + { + "name": "vsgastebuch-functions-file-include(32555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32555" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1440.json b/2007/1xxx/CVE-2007-1440.json index 7cd4deb2c41..6b761190fa8 100644 --- a/2007/1xxx/CVE-2007-1440.json +++ b/2007/1xxx/CVE-2007-1440.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070313 JGBBS 3.0beta1 Version Search.ASP \"Author\" SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/462699/100/0/threaded" - }, - { - "name" : "3470", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3470" - }, - { - "name" : "22943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22943" - }, - { - "name" : "ADV-2007-0940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0940" - }, - { - "name" : "2431", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0940" + }, + { + "name": "2431", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2431" + }, + { + "name": "3470", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3470" + }, + { + "name": "20070313 JGBBS 3.0beta1 Version Search.ASP \"Author\" SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/462699/100/0/threaded" + }, + { + "name": "22943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22943" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1538.json b/2007/1xxx/CVE-2007-1538.json index c982ecf8c11..75758354ba0 100644 --- a/2007/1xxx/CVE-2007-1538.json +++ b/2007/1xxx/CVE-2007-1538.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or (2) HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070317 Bypassing Mcafee Entreprise Password Protection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463074/100/0/threaded" - }, - { - "name" : "20070317 Re: Bypassing Mcafee Entreprise Password Protection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463091/100/0/threaded" - }, - { - "name" : "20070319 RE: Bypassing Mcafee Entreprise Password Protection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463187/100/0/threaded" - }, - { - "name" : "http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html", - "refsource" : "MISC", - "url" : "http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html" - }, - { - "name" : "http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html", - "refsource" : "MISC", - "url" : "http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html" - }, - { - "name" : "33800", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/33800" - }, - { - "name" : "1017791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or (2) HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33800", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/33800" + }, + { + "name": "20070319 RE: Bypassing Mcafee Entreprise Password Protection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463187/100/0/threaded" + }, + { + "name": "http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html", + "refsource": "MISC", + "url": "http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html" + }, + { + "name": "http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html", + "refsource": "MISC", + "url": "http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html" + }, + { + "name": "20070317 Bypassing Mcafee Entreprise Password Protection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463074/100/0/threaded" + }, + { + "name": "20070317 Re: Bypassing Mcafee Entreprise Password Protection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463091/100/0/threaded" + }, + { + "name": "1017791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017791" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1619.json b/2007/1xxx/CVE-2007-1619.json index 5421639463a..a57585f1fc4 100644 --- a/2007/1xxx/CVE-2007-1619.json +++ b/2007/1xxx/CVE-2007-1619.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3511", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3511" - }, - { - "name" : "23018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23018" - }, - { - "name" : "ADV-2007-1014", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1014" - }, - { - "name" : "34629", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34629" - }, - { - "name" : "24698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24698" - }, - { - "name" : "scriptmagixphoto-viewcomments-sql-injection(33061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-1014", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1014" + }, + { + "name": "scriptmagixphoto-viewcomments-sql-injection(33061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33061" + }, + { + "name": "3511", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3511" + }, + { + "name": "23018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23018" + }, + { + "name": "24698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24698" + }, + { + "name": "34629", + "refsource": "OSVDB", + "url": "http://osvdb.org/34629" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1626.json b/2007/1xxx/CVE-2007-1626.json index 33a84e1a921..a9789bd6c47 100644 --- a/2007/1xxx/CVE-2007-1626.json +++ b/2007/1xxx/CVE-2007-1626.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3512", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3512" - }, - { - "name" : "23038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23038" - }, - { - "name" : "37222", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37222" - }, - { - "name" : "iframe-iframe-file-include(33060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iframe-iframe-file-include(33060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33060" + }, + { + "name": "37222", + "refsource": "OSVDB", + "url": "http://osvdb.org/37222" + }, + { + "name": "3512", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3512" + }, + { + "name": "23038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23038" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4938.json b/2007/4xxx/CVE-2007-4938.json index ed820dccf41..69aae2dc01f 100644 --- a/2007/4xxx/CVE-2007-4938.json +++ b/2007/4xxx/CVE-2007-4938.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/479222/100/0/threaded" - }, - { - "name" : "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", - "refsource" : "MISC", - "url" : "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" - }, - { - "name" : "MDKSA-2007:192", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" - }, - { - "name" : "25648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25648" - }, - { - "name" : "45940", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45940" - }, - { - "name" : "27016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27016" - }, - { - "name" : "3144", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3144" - }, - { - "name" : "mplayer-avi-file-bo(36581)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25648" + }, + { + "name": "3144", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3144" + }, + { + "name": "mplayer-avi-file-bo(36581)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" + }, + { + "name": "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded" + }, + { + "name": "27016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27016" + }, + { + "name": "45940", + "refsource": "OSVDB", + "url": "http://osvdb.org/45940" + }, + { + "name": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" + }, + { + "name": "MDKSA-2007:192", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5313.json b/2007/5xxx/CVE-2007-5313.json index 4d8cbe01c29..32f2d89180d 100644 --- a/2007/5xxx/CVE-2007-5313.json +++ b/2007/5xxx/CVE-2007-5313.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4492", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4492" - }, - { - "name" : "25961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25961" - }, - { - "name" : "ADV-2007-3431", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3431" - }, - { - "name" : "38643", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38643" - }, - { - "name" : "picturesolution-config-file-include(37006)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "picturesolution-config-file-include(37006)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37006" + }, + { + "name": "ADV-2007-3431", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3431" + }, + { + "name": "4492", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4492" + }, + { + "name": "38643", + "refsource": "OSVDB", + "url": "http://osvdb.org/38643" + }, + { + "name": "25961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25961" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2061.json b/2015/2xxx/CVE-2015-2061.json index 650f3a5d428..e5645fc3c36 100644 --- a/2015/2xxx/CVE-2015-2061.json +++ b/2015/2xxx/CVE-2015-2061.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-051/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-051/" - }, - { - "name" : "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS172389", - "refsource" : "MISC", - "url" : "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS172389" - }, - { - "name" : "72836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS172389", + "refsource": "MISC", + "url": "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS172389" + }, + { + "name": "72836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72836" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-051/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-051/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2066.json b/2015/2xxx/CVE-2015-2066.json index 23c0c153992..91f846f6000 100644 --- a/2015/2xxx/CVE-2015-2066.json +++ b/2015/2xxx/CVE-2015-2066.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150218 DLGuard SQL Injection Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Feb/69" - }, - { - "name" : "http://securityrelated.blogspot.com/2015/02/dlguard-sql-injection-security.html", - "refsource" : "MISC", - "url" : "http://securityrelated.blogspot.com/2015/02/dlguard-sql-injection-security.html" - }, - { - "name" : "http://tetraph.com/security/sql-injection-vulnerability/dlguard-sql-injection-security-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://tetraph.com/security/sql-injection-vulnerability/dlguard-sql-injection-security-vulnerabilities/" - }, - { - "name" : "72683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72683" + }, + { + "name": "20150218 DLGuard SQL Injection Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Feb/69" + }, + { + "name": "http://tetraph.com/security/sql-injection-vulnerability/dlguard-sql-injection-security-vulnerabilities/", + "refsource": "MISC", + "url": "http://tetraph.com/security/sql-injection-vulnerability/dlguard-sql-injection-security-vulnerabilities/" + }, + { + "name": "http://securityrelated.blogspot.com/2015/02/dlguard-sql-injection-security.html", + "refsource": "MISC", + "url": "http://securityrelated.blogspot.com/2015/02/dlguard-sql-injection-security.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3096.json b/2015/3xxx/CVE-2015-3096.json index 319382c5c35..5f4088ad62c 100644 --- a/2015/3xxx/CVE-2015-3096.json +++ b/2015/3xxx/CVE-2015-3096.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html" - }, - { - "name" : "GLSA-201506-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-01" - }, - { - "name" : "RHSA-2015:1086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1086.html" - }, - { - "name" : "SUSE-SU-2015:1043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html" - }, - { - "name" : "openSUSE-SU-2015:1047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:1061", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html" - }, - { - "name" : "75088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75088" - }, - { - "name" : "1032519", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html" + }, + { + "name": "1032519", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032519" + }, + { + "name": "openSUSE-SU-2015:1047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html" + }, + { + "name": "GLSA-201506-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-01" + }, + { + "name": "SUSE-SU-2015:1043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html" + }, + { + "name": "openSUSE-SU-2015:1061", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html" + }, + { + "name": "75088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75088" + }, + { + "name": "RHSA-2015:1086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1086.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3225.json b/2015/3xxx/CVE-2015-3225.json index 1bd3cbddb5f..b8b6cd69315 100644 --- a/2015/3xxx/CVE-2015-3225.json +++ b/2015/3xxx/CVE-2015-3225.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/06/16/14" - }, - { - "name" : "[rubyonrails-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack", - "refsource" : "MLIST", - "url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ" - }, - { - "name" : "https://github.com/rack/rack/blob/master/HISTORY.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/rack/rack/blob/master/HISTORY.md" - }, - { - "name" : "DSA-3322", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3322" - }, - { - "name" : "FEDORA-2015-12979", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html" - }, - { - "name" : "FEDORA-2015-12978", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html" - }, - { - "name" : "RHSA-2015:2290", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2290.html" - }, - { - "name" : "openSUSE-SU-2015:1259", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html" - }, - { - "name" : "openSUSE-SU-2015:1262", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html" - }, - { - "name" : "openSUSE-SU-2015:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html" - }, - { - "name" : "75232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1262", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html" + }, + { + "name": "openSUSE-SU-2015:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html" + }, + { + "name": "RHSA-2015:2290", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html" + }, + { + "name": "FEDORA-2015-12979", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html" + }, + { + "name": "https://github.com/rack/rack/blob/master/HISTORY.md", + "refsource": "CONFIRM", + "url": "https://github.com/rack/rack/blob/master/HISTORY.md" + }, + { + "name": "[rubyonrails-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack", + "refsource": "MLIST", + "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ" + }, + { + "name": "DSA-3322", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3322" + }, + { + "name": "openSUSE-SU-2015:1259", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html" + }, + { + "name": "75232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75232" + }, + { + "name": "FEDORA-2015-12978", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html" + }, + { + "name": "[oss-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/06/16/14" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3290.json b/2015/3xxx/CVE-2015-3290.json index 9230f062996..a8e256cd8db 100644 --- a/2015/3xxx/CVE-2015-3290.json +++ b/2015/3xxx/CVE-2015-3290.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37722", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37722/" - }, - { - "name" : "[oss-security] 20150722 Linux x86_64 NMI security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/22/7" - }, - { - "name" : "[oss-security] 20150804 CVE-2015-3290: Linux privilege escalation due to nested NMIs interrupting espfix64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/04/8" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243465", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243465" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a" - }, - { - "name" : "DSA-3313", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3313" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "USN-2687-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2687-1" - }, - { - "name" : "USN-2688-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2688-1" - }, - { - "name" : "USN-2689-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2689-1" - }, - { - "name" : "USN-2690-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2690-1" - }, - { - "name" : "USN-2691-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2691-1" - }, - { - "name" : "76004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243465", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243465" + }, + { + "name": "[oss-security] 20150804 CVE-2015-3290: Linux privilege escalation due to nested NMIs interrupting espfix64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/04/8" + }, + { + "name": "76004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76004" + }, + { + "name": "37722", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37722/" + }, + { + "name": "USN-2689-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2689-1" + }, + { + "name": "USN-2690-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2690-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a" + }, + { + "name": "USN-2691-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2691-1" + }, + { + "name": "USN-2688-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2688-1" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "DSA-3313", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3313" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6" + }, + { + "name": "[oss-security] 20150722 Linux x86_64 NMI security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/22/7" + }, + { + "name": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a" + }, + { + "name": "USN-2687-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2687-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3345.json b/2015/3xxx/CVE-2015-3345.json index 4e52f5954c9..f93a42ce159 100644 --- a/2015/3xxx/CVE-2015-3345.json +++ b/2015/3xxx/CVE-2015-3345.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the \"phpList database.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/29/6" - }, - { - "name" : "https://www.drupal.org/node/2403343", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2403343" - }, - { - "name" : "https://www.drupal.org/node/2402517", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2402517" - }, - { - "name" : "72634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the \"phpList database.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2402517", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2402517" + }, + { + "name": "https://www.drupal.org/node/2403343", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2403343" + }, + { + "name": "72634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72634" + }, + { + "name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/29/6" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6118.json b/2015/6xxx/CVE-2015-6118.json index 25c66f86ada..d74c7917ec7 100644 --- a/2015/6xxx/CVE-2015-6118.json +++ b/2015/6xxx/CVE-2015-6118.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-131", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131" - }, - { - "name" : "1034324", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-131", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-131" + }, + { + "name": "1034324", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034324" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6127.json b/2015/6xxx/CVE-2015-6127.json index 43226830e6d..8090e2d90a3 100644 --- a/2015/6xxx/CVE-2015-6127.json +++ b/2015/6xxx/CVE-2015-6127.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka \"Windows Media Center Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38912", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38912/" - }, - { - "name" : "MS15-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-134" - }, - { - "name" : "78516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78516" - }, - { - "name" : "1034335", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka \"Windows Media Center Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78516" + }, + { + "name": "1034335", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034335" + }, + { + "name": "MS15-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-134" + }, + { + "name": "38912", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38912/" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6206.json b/2015/6xxx/CVE-2015-6206.json index 24ad6894d60..15796b63bb6 100644 --- a/2015/6xxx/CVE-2015-6206.json +++ b/2015/6xxx/CVE-2015-6206.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6206", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6206", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6638.json b/2015/6xxx/CVE-2015-6638.json index 700cff9d1b8..923df8d36a5 100644 --- a/2015/6xxx/CVE-2015-6638.json +++ b/2015/6xxx/CVE-2015-6638.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2015-6638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-01-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-01-01.html" - }, - { - "name" : "1034592", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034592", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034592" + }, + { + "name": "http://source.android.com/security/bulletin/2016-01-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-01-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7011.json b/2015/7xxx/CVE-2015-7011.json index 31e6ef8a223..d204d1280b4 100644 --- a/2015/7xxx/CVE-2015-7011.json +++ b/2015/7xxx/CVE-2015-7011.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205372", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205372" - }, - { - "name" : "https://support.apple.com/HT205377", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205377" - }, - { - "name" : "APPLE-SA-2015-10-21-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-10-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" - }, - { - "name" : "77264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77264" - }, - { - "name" : "1033939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77264" + }, + { + "name": "https://support.apple.com/HT205372", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205372" + }, + { + "name": "APPLE-SA-2015-10-21-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" + }, + { + "name": "APPLE-SA-2015-10-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" + }, + { + "name": "https://support.apple.com/HT205377", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205377" + }, + { + "name": "1033939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033939" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7177.json b/2015/7xxx/CVE-2015-7177.json index 95a65856ae4..c35f38932e4 100644 --- a/2015/7xxx/CVE-2015-7177.json +++ b/2015/7xxx/CVE-2015-7177.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-7177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-112.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-112.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1186725", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1186725" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "DSA-3365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3365" - }, - { - "name" : "RHSA-2015:1852", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1852.html" - }, - { - "name" : "RHSA-2015:1834", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1834.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:1680", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html" - }, - { - "name" : "openSUSE-SU-2015:1679", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:1703", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html" - }, - { - "name" : "USN-2743-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-4" - }, - { - "name" : "USN-2754-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2754-1" - }, - { - "name" : "USN-2743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-1" - }, - { - "name" : "USN-2743-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-2" - }, - { - "name" : "USN-2743-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-3" - }, - { - "name" : "76816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76816" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1680", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html" + }, + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "USN-2754-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2754-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-112.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-112.html" + }, + { + "name": "USN-2743-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-4" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186725", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186725" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "USN-2743-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-3" + }, + { + "name": "RHSA-2015:1834", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1834.html" + }, + { + "name": "USN-2743-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-2" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "RHSA-2015:1852", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1852.html" + }, + { + "name": "DSA-3365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3365" + }, + { + "name": "76816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76816" + }, + { + "name": "SUSE-SU-2015:1703", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html" + }, + { + "name": "openSUSE-SU-2015:1679", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + }, + { + "name": "USN-2743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7451.json b/2015/7xxx/CVE-2015-7451.json index faac02cc435..55153fdafb9 100644 --- a/2015/7xxx/CVE-2015-7451.json +++ b/2015/7xxx/CVE-2015-7451.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-7451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972423", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7763.json b/2015/7xxx/CVE-2015-7763.json index 2d91a4dee18..fa534dd4d0d 100644 --- a/2015/7xxx/CVE-2015-7763.json +++ b/2015/7xxx/CVE-2015-7763.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available", - "refsource" : "MLIST", - "url" : "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html" - }, - { - "name" : "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15", - "refsource" : "CONFIRM", - "url" : "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15" - }, - { - "name" : "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt" - }, - { - "name" : "DSA-3387", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3387" - }, - { - "name" : "1034039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15", + "refsource": "CONFIRM", + "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15" + }, + { + "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt", + "refsource": "CONFIRM", + "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt" + }, + { + "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available", + "refsource": "MLIST", + "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html" + }, + { + "name": "1034039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034039" + }, + { + "name": "DSA-3387", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3387" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7837.json b/2015/7xxx/CVE-2015-7837.json index 0b0aa1e1375..8c6a53596f9 100644 --- a/2015/7xxx/CVE-2015-7837.json +++ b/2015/7xxx/CVE-2015-7837.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/15/6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1272472", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1272472" - }, - { - "name" : "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798", - "refsource" : "CONFIRM", - "url" : "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798" - }, - { - "name" : "RHSA-2015:2152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2152.html" - }, - { - "name" : "RHSA-2015:2411", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2411.html" - }, - { - "name" : "77097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798", + "refsource": "CONFIRM", + "url": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472" + }, + { + "name": "RHSA-2015:2152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html" + }, + { + "name": "77097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77097" + }, + { + "name": "[oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/15/6" + }, + { + "name": "RHSA-2015:2411", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8710.json b/2015/8xxx/CVE-2015-8710.json index c227ddd8e04..4a99d4c7f05 100644 --- a/2015/8xxx/CVE-2015-8710.json +++ b/2015/8xxx/CVE-2015-8710.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-8710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150419 libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/19/4" - }, - { - "name" : "[oss-security] 20150913 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/13/1" - }, - { - "name" : "[oss-security] 20151231 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/31/7" - }, - { - "name" : "https://hackerone.com/reports/57125#activity-384861", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/57125#activity-384861" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=746048", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=746048" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c" - }, - { - "name" : "DSA-3430", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3430" - }, - { - "name" : "RHSA-2016:1089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html" - }, - { - "name" : "79811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/57125#activity-384861", + "refsource": "MISC", + "url": "https://hackerone.com/reports/57125#activity-384861" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=746048", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=746048" + }, + { + "name": "DSA-3430", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3430" + }, + { + "name": "[oss-security] 20150913 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/13/1" + }, + { + "name": "RHSA-2016:1089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c" + }, + { + "name": "[oss-security] 20150419 libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/19/4" + }, + { + "name": "79811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79811" + }, + { + "name": "[oss-security] 20151231 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/31/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0029.json b/2016/0xxx/CVE-2016-0029.json index 74792a907b2..dfc46d3b44c 100644 --- a/2016/0xxx/CVE-2016-0029.json +++ b/2016/0xxx/CVE-2016-0029.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Exchange Spoofing Vulnerability,\" a different vulnerability than CVE-2016-0031." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010" - }, - { - "name" : "1034647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Exchange Spoofing Vulnerability,\" a different vulnerability than CVE-2016-0031." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010" + }, + { + "name": "1034647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034647" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0313.json b/2016/0xxx/CVE-2016-0313.json index 4a0c17dfcb0..f8befb189f4 100644 --- a/2016/0xxx/CVE-2016-0313.json +++ b/2016/0xxx/CVE-2016-0313.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983147", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0350." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983147", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983147" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0505.json b/2016/0xxx/CVE-2016-0505.json index c56409f4ff2..ca6ded3a1ea 100644 --- a/2016/0xxx/CVE-2016-0505.json +++ b/2016/0xxx/CVE-2016-0505.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/" - }, - { - "name" : "https://mariadb.com/kb/en/mdb-10023-rn/", - "refsource" : "CONFIRM", - "url" : "https://mariadb.com/kb/en/mdb-10023-rn/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3453", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3453" - }, - { - "name" : "DSA-3459", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3459" - }, - { - "name" : "RHSA-2016:0534", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0534.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "RHSA-2016:1132", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1132" - }, - { - "name" : "RHSA-2016:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1480.html" - }, - { - "name" : "RHSA-2016:1481", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1481.html" - }, - { - "name" : "openSUSE-SU-2016:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:1686", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html" - }, - { - "name" : "SUSE-SU-2016:1619", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:1620", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html" - }, - { - "name" : "openSUSE-SU-2016:1664", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html" - }, - { - "name" : "openSUSE-SU-2016:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" - }, - { - "name" : "USN-2881-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2881-1" - }, - { - "name" : "81088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81088" - }, - { - "name" : "1034708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1620", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html" + }, + { + "name": "RHSA-2016:1481", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1481.html" + }, + { + "name": "openSUSE-SU-2016:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" + }, + { + "name": "RHSA-2016:1132", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1132" + }, + { + "name": "DSA-3459", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3459" + }, + { + "name": "1034708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034708" + }, + { + "name": "RHSA-2016:0534", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0534.html" + }, + { + "name": "81088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81088" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "SUSE-SU-2016:1619", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "RHSA-2016:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1480.html" + }, + { + "name": "openSUSE-SU-2016:1664", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://mariadb.com/kb/en/mdb-10023-rn/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mdb-10023-rn/" + }, + { + "name": "USN-2881-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2881-1" + }, + { + "name": "openSUSE-SU-2016:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" + }, + { + "name": "DSA-3453", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3453" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/" + }, + { + "name": "openSUSE-SU-2016:1686", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html" + }, + { + "name": "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/", + "refsource": "CONFIRM", + "url": "https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000157.json b/2016/1000xxx/CVE-2016-1000157.json index 66e2c4a67a6..964b40bdc56 100644 --- a/2016/1000xxx/CVE-2016-1000157.json +++ b/2016/1000xxx/CVE-2016-1000157.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000157", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000157", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1735.json b/2016/1xxx/CVE-2016-1735.json index 95f71c95a2a..ee633411bd9 100644 --- a/2016/1xxx/CVE-2016-1735.json +++ b/2016/1xxx/CVE-2016-1735.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206167", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206167" - }, - { - "name" : "APPLE-SA-2016-03-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" - }, - { - "name" : "1035363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-03-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" + }, + { + "name": "https://support.apple.com/HT206167", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206167" + }, + { + "name": "1035363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035363" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1912.json b/2016/1xxx/CVE-2016-1912.json index 52b596bb802..d725cc032d7 100644 --- a/2016/1xxx/CVE-2016-1912.json +++ b/2016/1xxx/CVE-2016-1912.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.information-security.fr/xss-dolibarr-version-3-8-3/", - "refsource" : "MISC", - "url" : "http://www.information-security.fr/xss-dolibarr-version-3-8-3/" - }, - { - "name" : "https://twitter.com/MickaelDorigny/status/684456187870457857", - "refsource" : "MISC", - "url" : "https://twitter.com/MickaelDorigny/status/684456187870457857" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/issues/4341", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/issues/4341" - }, - { - "name" : "https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8", - "refsource" : "CONFIRM", - "url" : "https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/MickaelDorigny/status/684456187870457857", + "refsource": "MISC", + "url": "https://twitter.com/MickaelDorigny/status/684456187870457857" + }, + { + "name": "http://www.information-security.fr/xss-dolibarr-version-3-8-3/", + "refsource": "MISC", + "url": "http://www.information-security.fr/xss-dolibarr-version-3-8-3/" + }, + { + "name": "http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8", + "refsource": "CONFIRM", + "url": "https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/issues/4341", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/issues/4341" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1952.json b/2016/1xxx/CVE-2016-1952.json index 2854904c920..d2ff402c29c 100644 --- a/2016/1xxx/CVE-2016-1952.json +++ b/2016/1xxx/CVE-2016-1952.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-1952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3510", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3510" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "openSUSE-SU-2016:0894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" - }, - { - "name" : "openSUSE-SU-2016:1767", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1778", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:0909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" - }, - { - "name" : "SUSE-SU-2016:0727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" - }, - { - "name" : "openSUSE-SU-2016:0731", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0733", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" - }, - { - "name" : "SUSE-SU-2016:0820", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" - }, - { - "name" : "openSUSE-SU-2016:0876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" - }, - { - "name" : "USN-2917-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-2" - }, - { - "name" : "USN-2917-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-3" - }, - { - "name" : "USN-2934-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2934-1" - }, - { - "name" : "USN-2917-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-1" - }, - { - "name" : "1035215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578" + }, + { + "name": "SUSE-SU-2016:0820", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" + }, + { + "name": "openSUSE-SU-2016:1767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "openSUSE-SU-2016:0731", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" + }, + { + "name": "SUSE-SU-2016:0727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685" + }, + { + "name": "openSUSE-SU-2016:1778", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html" + }, + { + "name": "openSUSE-SU-2016:0876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" + }, + { + "name": "USN-2917-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995" + }, + { + "name": "openSUSE-SU-2016:1769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872" + }, + { + "name": "SUSE-SU-2016:0909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" + }, + { + "name": "DSA-3510", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3510" + }, + { + "name": "openSUSE-SU-2016:0733", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" + }, + { + "name": "1035215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035215" + }, + { + "name": "SUSE-SU-2016:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979" + }, + { + "name": "USN-2934-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2934-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279" + }, + { + "name": "USN-2917-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-2" + }, + { + "name": "USN-2917-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-3" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1998.json b/2016/1xxx/CVE-2016-1998.json index 81701805f3c..e073dd77d9a 100644 --- a/2016/1xxx/CVE-2016-1998.json +++ b/2016/1xxx/CVE-2016-1998.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4188.json b/2016/4xxx/CVE-2016-4188.json index d4bbe295393..04d08018dbd 100644 --- a/2016/4xxx/CVE-2016-4188.json +++ b/2016/4xxx/CVE-2016-4188.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "MS16-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91725" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91725" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "MS16-093", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4226.json b/2016/4xxx/CVE-2016-4226.json index 753edfdb5be..fadeb4a799e 100644 --- a/2016/4xxx/CVE-2016-4226.json +++ b/2016/4xxx/CVE-2016-4226.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40308", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40308/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" - }, - { - "name" : "GLSA-201607-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-03" - }, - { - "name" : "MS16-093", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" - }, - { - "name" : "RHSA-2016:1423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1423" - }, - { - "name" : "SUSE-SU-2016:1826", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" - }, - { - "name" : "openSUSE-SU-2016:1802", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" - }, - { - "name" : "91719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91719" - }, - { - "name" : "1036280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1826", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" + }, + { + "name": "GLSA-201607-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-03" + }, + { + "name": "openSUSE-SU-2016:1802", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" + }, + { + "name": "91719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91719" + }, + { + "name": "40308", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40308/" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" + }, + { + "name": "RHSA-2016:1423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1423" + }, + { + "name": "MS16-093", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093" + }, + { + "name": "1036280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036280" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4466.json b/2016/4xxx/CVE-2016-4466.json index be8ee11ab92..1bd64dd0162 100644 --- a/2016/4xxx/CVE-2016-4466.json +++ b/2016/4xxx/CVE-2016-4466.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4466", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-4466", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4851.json b/2016/4xxx/CVE-2016-4851.json index a366a384944..0aa36b8c5ef 100644 --- a/2016/4xxx/CVE-2016-4851.json +++ b/2016/4xxx/CVE-2016-4851.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-4851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#42262137", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN42262137/index.html" - }, - { - "name" : "JVNDB-2016-000152", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000152" - }, - { - "name" : "92597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000152", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000152" + }, + { + "name": "92597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92597" + }, + { + "name": "JVN#42262137", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN42262137/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5399.json b/2016/5xxx/CVE-2016-5399.json index f32689d31f4..1a8d6e94220 100644 --- a/2016/5xxx/CVE-2016-5399.json +++ b/2016/5xxx/CVE-2016-5399.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-5399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-5399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160721 CVE-2016-5399: php: out-of-bounds write in bzread()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538966/100/0/threaded" - }, - { - "name" : "40155", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40155/" - }, - { - "name" : "20160725 CVE-2016-5399: php: out-of-bounds write in bzread()", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jul/72" - }, - { - "name" : "[oss-security] 20160721 CVE-2016-5399: php: out-of-bounds write in bzread()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/21/1" - }, - { - "name" : "http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=72613", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=72613" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358395", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1358395" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180112-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180112-0001/" - }, - { - "name" : "DSA-3631", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3631" - }, - { - "name" : "RHSA-2016:2598", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2598.html" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92051" - }, - { - "name" : "1036430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92051" + }, + { + "name": "http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html" + }, + { + "name": "20160725 CVE-2016-5399: php: out-of-bounds write in bzread()", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jul/72" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358395" + }, + { + "name": "[oss-security] 20160721 CVE-2016-5399: php: out-of-bounds write in bzread()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/21/1" + }, + { + "name": "20160721 CVE-2016-5399: php: out-of-bounds write in bzread()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538966/100/0/threaded" + }, + { + "name": "https://bugs.php.net/bug.php?id=72613", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=72613" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "RHSA-2016:2598", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2598.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180112-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180112-0001/" + }, + { + "name": "1036430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036430" + }, + { + "name": "DSA-3631", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3631" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "40155", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40155/" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0245.json b/2019/0xxx/CVE-2019-0245.json index f8faaef916f..d34013ad990 100644 --- a/2019/0xxx/CVE-2019-0245.json +++ b/2019/0xxx/CVE-2019-0245.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cna@sap.com", - "ID" : "CVE-2019-0245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP CRM WebClient UI (SAPSCORE)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.12" - } - ] - } - }, - { - "product_name" : "SAP CRM WebClient UI (S4FND)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "1.02" - } - ] - } - }, - { - "product_name" : "SAP CRM WebClient UI (WEBCUIF)", - "version" : { - "version_data" : [ - { - "version_name" : "<", - "version_value" : "7.31" - }, - { - "version_name" : "<", - "version_value" : "7.46" - }, - { - "version_name" : "<", - "version_value" : "7.47" - }, - { - "version_name" : "<", - "version_value" : "7.48" - }, - { - "version_name" : "<", - "version_value" : "8.0" - }, - { - "version_name" : "<", - "version_value" : "8.01" - } - ] - } - } - ] - }, - "vendor_name" : "SAP SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "cna@sap.com", + "ID": "CVE-2019-0245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP CRM WebClient UI (SAPSCORE)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.12" + } + ] + } + }, + { + "product_name": "SAP CRM WebClient UI (S4FND)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.02" + } + ] + } + }, + { + "product_name": "SAP CRM WebClient UI (WEBCUIF)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.46" + }, + { + "version_name": "<", + "version_value": "7.47" + }, + { + "version_name": "<", + "version_value": "7.48" + }, + { + "version_name": "<", + "version_value": "8.0" + }, + { + "version_name": "<", + "version_value": "8.01" + } + ] + } + } + ] + }, + "vendor_name": "SAP SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.support.sap.com/#/notes/2588763", - "refsource" : "MISC", - "url" : "https://launchpad.support.sap.com/#/notes/2588763" - }, - { - "name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985", - "refsource" : "MISC", - "url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985" - }, - { - "name" : "106468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.support.sap.com/#/notes/2588763", + "refsource": "MISC", + "url": "https://launchpad.support.sap.com/#/notes/2588763" + }, + { + "name": "106468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106468" + }, + { + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985", + "refsource": "MISC", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0482.json b/2019/0xxx/CVE-2019-0482.json index bbc4c48e46e..2286a2ef9a2 100644 --- a/2019/0xxx/CVE-2019-0482.json +++ b/2019/0xxx/CVE-2019-0482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0673.json b/2019/0xxx/CVE-2019-0673.json index 3726e59d5c5..09c783d080c 100644 --- a/2019/0xxx/CVE-2019-0673.json +++ b/2019/0xxx/CVE-2019-0673.json @@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2019-0673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - }, - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office 365 ProPlus", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "64-bit Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0674, CVE-2019-0675." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-0673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673" - }, - { - "name" : "106930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0674, CVE-2019-0675." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673" + }, + { + "name": "106930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106930" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0693.json b/2019/0xxx/CVE-2019-0693.json index 9f91934206e..fbe54571bf2 100644 --- a/2019/0xxx/CVE-2019-0693.json +++ b/2019/0xxx/CVE-2019-0693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1003xxx/CVE-2019-1003034.json b/2019/1003xxx/CVE-2019-1003034.json index 78fe0f2eab5..72bc8404aad 100644 --- a/2019/1003xxx/CVE-2019-1003034.json +++ b/2019/1003xxx/CVE-2019-1003034.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-03-06T22:44:37.386102", - "ID" : "CVE-2019-1003034", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Job DSL Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.71 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-693" - } + "CVE_data_meta": { + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "DATE_ASSIGNED": "2019-03-06T22:44:37.386102", + "ID": "CVE-2019-1003034", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jenkins Job DSL Plugin", + "version": { + "version_data": [ + { + "version_value": "1.71 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1064.json b/2019/1xxx/CVE-2019-1064.json index 8d22fd7a64a..6d84c87abd6 100644 --- a/2019/1xxx/CVE-2019-1064.json +++ b/2019/1xxx/CVE-2019-1064.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1214.json b/2019/1xxx/CVE-2019-1214.json index 58afcb8ee77..3d93be1c0ef 100644 --- a/2019/1xxx/CVE-2019-1214.json +++ b/2019/1xxx/CVE-2019-1214.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1214", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1214", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3057.json b/2019/3xxx/CVE-2019-3057.json index 7d490a1f8e8..8820b648ff6 100644 --- a/2019/3xxx/CVE-2019-3057.json +++ b/2019/3xxx/CVE-2019-3057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3710.json b/2019/3xxx/CVE-2019-3710.json index ff57c0e846d..d55d843f2a8 100644 --- a/2019/3xxx/CVE-2019-3710.json +++ b/2019/3xxx/CVE-2019-3710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3710", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3710", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3724.json b/2019/3xxx/CVE-2019-3724.json index d8e1b7abda5..652dabff5ad 100644 --- a/2019/3xxx/CVE-2019-3724.json +++ b/2019/3xxx/CVE-2019-3724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3724", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3724", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3844.json b/2019/3xxx/CVE-2019-3844.json index 589ab32f846..2940a6a2068 100644 --- a/2019/3xxx/CVE-2019-3844.json +++ b/2019/3xxx/CVE-2019-3844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4041.json b/2019/4xxx/CVE-2019-4041.json index 8db980e756a..7d743ad5264 100644 --- a/2019/4xxx/CVE-2019-4041.json +++ b/2019/4xxx/CVE-2019-4041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4041", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4041", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4118.json b/2019/4xxx/CVE-2019-4118.json index e87145c3177..c3efe7d1db2 100644 --- a/2019/4xxx/CVE-2019-4118.json +++ b/2019/4xxx/CVE-2019-4118.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4118", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4118", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4177.json b/2019/4xxx/CVE-2019-4177.json index 0ddebfd7e33..d43359bb93c 100644 --- a/2019/4xxx/CVE-2019-4177.json +++ b/2019/4xxx/CVE-2019-4177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4177", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4891.json b/2019/4xxx/CVE-2019-4891.json index f2c1af71e84..1b0fac2a887 100644 --- a/2019/4xxx/CVE-2019-4891.json +++ b/2019/4xxx/CVE-2019-4891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8387.json b/2019/8xxx/CVE-2019-8387.json index 60a0dd3aa60..60a9ce2ba71 100644 --- a/2019/8xxx/CVE-2019-8387.json +++ b/2019/8xxx/CVE-2019-8387.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8387", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8387", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8765.json b/2019/8xxx/CVE-2019-8765.json index c5f37140394..d74b58571b8 100644 --- a/2019/8xxx/CVE-2019-8765.json +++ b/2019/8xxx/CVE-2019-8765.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8765", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8765", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9023.json b/2019/9xxx/CVE-2019-9023.json index 1a7d960ade3..e42a9862ad5 100644 --- a/2019/9xxx/CVE-2019-9023.json +++ b/2019/9xxx/CVE-2019-9023.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=77370", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77370" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77371", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77371" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77381", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77381" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77382", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77382" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77385", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77385" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77394", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77394" - }, - { - "name" : "https://bugs.php.net/bug.php?id=77418", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77418" - }, - { - "name" : "DSA-4398", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4398" - }, - { - "name" : "USN-3902-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3902-1/" - }, - { - "name" : "USN-3902-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3902-2/" - }, - { - "name" : "107156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3902-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3902-2/" + }, + { + "name": "https://bugs.php.net/bug.php?id=77382", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77382" + }, + { + "name": "https://bugs.php.net/bug.php?id=77418", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77418" + }, + { + "name": "DSA-4398", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4398" + }, + { + "name": "https://bugs.php.net/bug.php?id=77371", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77371" + }, + { + "name": "USN-3902-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3902-1/" + }, + { + "name": "107156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107156" + }, + { + "name": "https://bugs.php.net/bug.php?id=77370", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77370" + }, + { + "name": "https://bugs.php.net/bug.php?id=77385", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77385" + }, + { + "name": "https://bugs.php.net/bug.php?id=77394", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77394" + }, + { + "name": "https://bugs.php.net/bug.php?id=77381", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77381" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9165.json b/2019/9xxx/CVE-2019-9165.json index 7c5e0833366..9a892dc8302 100644 --- a/2019/9xxx/CVE-2019-9165.json +++ b/2019/9xxx/CVE-2019-9165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9529.json b/2019/9xxx/CVE-2019-9529.json index 0502e07cb6f..12fc68f7dbf 100644 --- a/2019/9xxx/CVE-2019-9529.json +++ b/2019/9xxx/CVE-2019-9529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9639.json b/2019/9xxx/CVE-2019-9639.json index 5f6f39607f9..9588e8cda4e 100644 --- a/2019/9xxx/CVE-2019-9639.json +++ b/2019/9xxx/CVE-2019-9639.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=77659", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77659" - }, - { - "name" : "DSA-4403", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4403", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4403" + }, + { + "name": "https://bugs.php.net/bug.php?id=77659", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77659" + } + ] + } +} \ No newline at end of file