diff --git a/2007/0xxx/CVE-2007-0259.json b/2007/0xxx/CVE-2007-0259.json index 211bf2e0735..2f541d01cfb 100644 --- a/2007/0xxx/CVE-2007-0259.json +++ b/2007/0xxx/CVE-2007-0259.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070111 Ezboxx multiple vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456699/100/0/threaded" - }, - { - "name" : "http://www.bugsec.com/articles.php?Security=20", - "refsource" : "MISC", - "url" : "http://www.bugsec.com/articles.php?Security=20" - }, - { - "name" : "ADV-2007-0208", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0208" - }, - { - "name" : "32829", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32829" - }, - { - "name" : "33470", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0208", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0208" + }, + { + "name": "http://www.bugsec.com/articles.php?Security=20", + "refsource": "MISC", + "url": "http://www.bugsec.com/articles.php?Security=20" + }, + { + "name": "33470", + "refsource": "OSVDB", + "url": "http://osvdb.org/33470" + }, + { + "name": "20070111 Ezboxx multiple vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456699/100/0/threaded" + }, + { + "name": "32829", + "refsource": "OSVDB", + "url": "http://osvdb.org/32829" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0597.json b/2007/0xxx/CVE-2007-0597.json index 10cf24fb98d..c5f11ebd47a 100644 --- a/2007/0xxx/CVE-2007-0597.json +++ b/2007/0xxx/CVE-2007-0597.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458076/100/0/threaded" - }, - { - "name" : "20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458123/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/21070125.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/21070125.txt" - }, - { - "name" : "33594", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://acid-root.new.fr/poc/21070125.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/21070125.txt" + }, + { + "name": "33594", + "refsource": "OSVDB", + "url": "http://osvdb.org/33594" + }, + { + "name": "20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458076/100/0/threaded" + }, + { + "name": "20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458123/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1392.json b/2007/1xxx/CVE-2007-1392.json index 5868be1209b..7f1cb4d8ad4 100644 --- a/2007/1xxx/CVE-2007-1392.json +++ b/2007/1xxx/CVE-2007-1392.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3435", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3435" - }, - { - "name" : "22875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22875" - }, - { - "name" : "ADV-2007-0884", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0884" - }, - { - "name" : "24449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24449" - }, - { - "name" : "netforo-down-directory-traversal(32878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24449" + }, + { + "name": "ADV-2007-0884", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0884" + }, + { + "name": "3435", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3435" + }, + { + "name": "22875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22875" + }, + { + "name": "netforo-down-directory-traversal(32878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32878" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1770.json b/2007/1xxx/CVE-2007-1770.json index d447d8b2433..07d21bc3190 100644 --- a/2007/1xxx/CVE-2007-1770.json +++ b/2007/1xxx/CVE-2007-1770.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070404 ESRI ArcSDE Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507" - }, - { - "name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260" - }, - { - "name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261" - }, - { - "name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262", - "refsource" : "CONFIRM", - "url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262" - }, - { - "name" : "23175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23175" - }, - { - "name" : "ADV-2007-1140", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1140" - }, - { - "name" : "1017874", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017874" - }, - { - "name" : "24639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24639" - }, - { - "name" : "arcsde-three-tiered-dos(33282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282" - }, - { - "name" : "arcsde-tcpport-bo(33457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017874", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017874" + }, + { + "name": "23175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23175" + }, + { + "name": "arcsde-tcpport-bo(33457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33457" + }, + { + "name": "24639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24639" + }, + { + "name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261", + "refsource": "CONFIRM", + "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261" + }, + { + "name": "arcsde-three-tiered-dos(33282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33282" + }, + { + "name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262", + "refsource": "CONFIRM", + "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262" + }, + { + "name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260", + "refsource": "CONFIRM", + "url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260" + }, + { + "name": "20070404 ESRI ArcSDE Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507" + }, + { + "name": "ADV-2007-1140", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1140" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1892.json b/2007/1xxx/CVE-2007-1892.json index 8bac7b004b2..ddcbb9d4d87 100644 --- a/2007/1xxx/CVE-2007-1892.json +++ b/2007/1xxx/CVE-2007-1892.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070416 Akamai Technologies Security Advisory 2007-0001", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/465908/100/0/threaded" - }, - { - "name" : "23522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23522" - }, - { - "name" : "ADV-2007-1415", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1415" - }, - { - "name" : "34324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34324" - }, - { - "name" : "24900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24900" - }, - { - "name" : "akamai-download-manager-bo(33697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34324" + }, + { + "name": "20070416 Akamai Technologies Security Advisory 2007-0001", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/465908/100/0/threaded" + }, + { + "name": "24900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24900" + }, + { + "name": "akamai-download-manager-bo(33697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33697" + }, + { + "name": "ADV-2007-1415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1415" + }, + { + "name": "23522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23522" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3010.json b/2007/3xxx/CVE-2007-3010.json index 11405c5036f..753930316a6 100644 --- a/2007/3xxx/CVE-2007-3010.json +++ b/2007/3xxx/CVE-2007-3010.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070917 Alcatel-Lucent OmniPCX Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/479699/100/0/threaded" - }, - { - "name" : "20070917 Alcatel-Lucent OmniPCX Remote Command Execution", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=119002152126755&w=2" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php" - }, - { - "name" : "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm" - }, - { - "name" : "25694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25694" - }, - { - "name" : "ADV-2007-3185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3185" - }, - { - "name" : "40521", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40521" - }, - { - "name" : "26853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26853" - }, - { - "name" : "alcatel-unified-mastercgi-command-execution(36632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3185" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php" + }, + { + "name": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm", + "refsource": "CONFIRM", + "url": "http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm" + }, + { + "name": "26853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26853" + }, + { + "name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=119002152126755&w=2" + }, + { + "name": "40521", + "refsource": "OSVDB", + "url": "http://osvdb.org/40521" + }, + { + "name": "20070917 Alcatel-Lucent OmniPCX Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/479699/100/0/threaded" + }, + { + "name": "alcatel-unified-mastercgi-command-execution(36632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36632" + }, + { + "name": "25694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25694" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3304.json b/2007/3xxx/CVE-2007-3304.json index 216a9f80adf..8602b59b394 100644 --- a/2007/3xxx/CVE-2007-3304.json +++ b/2007/3xxx/CVE-2007-3304.json @@ -1,407 +1,407 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070529 Apache httpd vulenrabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/469899/100/0/threaded" - }, - { - "name" : "20070619 Apache Prefork MPM vulnerabilities - Report", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471832/100/0/threaded" - }, - { - "name" : "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505990/100/0/threaded" - }, - { - "name" : "[apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2" - }, - { - "name" : "[apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e" - }, - { - "name" : "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" - }, - { - "name" : "http://security.psnc.pl/files/apache_report.pdf", - "refsource" : "MISC", - "url" : "http://security.psnc.pl/files/apache_report.pdf" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&revision=547987", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&revision=547987" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_13.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_13.html" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_20.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_20.html" - }, - { - "name" : "http://httpd.apache.org/security/vulnerabilities_22.html", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/security/vulnerabilities_22.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1710", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1710" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=186219", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=186219" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" - }, - { - "name" : "PK50467", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only" - }, - { - "name" : "PK52702", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702" - }, - { - "name" : "PK53984", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984" - }, - { - "name" : "FEDORA-2007-2214", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" - }, - { - "name" : "GLSA-200711-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-06.xml" - }, - { - "name" : "HPSBUX02273", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" - }, - { - "name" : "SSRT071476", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" - }, - { - "name" : "MDKSA-2007:140", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140" - }, - { - "name" : "MDKSA-2007:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142" - }, - { - "name" : "RHSA-2007:0532", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/errata/RHSA-2007-0532.html" - }, - { - "name" : "RHSA-2007:0556", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0556.html" - }, - { - "name" : "RHSA-2007:0557", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0557.html" - }, - { - "name" : "RHSA-2007:0662", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0662.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "20070701-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" - }, - { - "name" : "103179", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" - }, - { - "name" : "200032", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1" - }, - { - "name" : "SUSE-SA:2007:061", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" - }, - { - "name" : "2007-0026", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2007/0026/" - }, - { - "name" : "USN-499-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-499-1" - }, - { - "name" : "24215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24215" - }, - { - "name" : "38939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38939" - }, - { - "name" : "oval:org.mitre.oval:def:11589", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589" - }, - { - "name" : "ADV-2007-2727", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2727" - }, - { - "name" : "ADV-2007-3100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3100" - }, - { - "name" : "ADV-2007-3283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3283" - }, - { - "name" : "ADV-2007-3420", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3420" - }, - { - "name" : "ADV-2007-3494", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3494" - }, - { - "name" : "ADV-2007-4305", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4305" - }, - { - "name" : "1018304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018304" - }, - { - "name" : "25827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25827" - }, - { - "name" : "25830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25830" - }, - { - "name" : "25920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25920" - }, - { - "name" : "26211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26211" - }, - { - "name" : "26273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26273" - }, - { - "name" : "26443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26443" - }, - { - "name" : "26508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26508" - }, - { - "name" : "26611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26611" - }, - { - "name" : "26759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26759" - }, - { - "name" : "26790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26790" - }, - { - "name" : "26822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26822" - }, - { - "name" : "26842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26842" - }, - { - "name" : "26993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26993" - }, - { - "name" : "27121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27121" - }, - { - "name" : "27209", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27209" - }, - { - "name" : "27563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27563" - }, - { - "name" : "27732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27732" - }, - { - "name" : "28212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28212" - }, - { - "name" : "28224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28224" - }, - { - "name" : "28606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28606" - }, - { - "name" : "2814", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2814" - }, - { - "name" : "ADV-2008-0233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0233" - }, - { - "name" : "apache-child-process-dos(35095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28606" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111" + }, + { + "name": "MDKSA-2007:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:142" + }, + { + "name": "26822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26822" + }, + { + "name": "ADV-2007-4305", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4305" + }, + { + "name": "ADV-2007-3420", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3420" + }, + { + "name": "RHSA-2007:0557", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0557.html" + }, + { + "name": "38939", + "refsource": "OSVDB", + "url": "http://osvdb.org/38939" + }, + { + "name": "PK52702", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702" + }, + { + "name": "MDKSA-2007:140", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:140" + }, + { + "name": "HPSBUX02273", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" + }, + { + "name": "25827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25827" + }, + { + "name": "25920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25920" + }, + { + "name": "26993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26993" + }, + { + "name": "28212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28212" + }, + { + "name": "http://security.psnc.pl/files/apache_report.pdf", + "refsource": "MISC", + "url": "http://security.psnc.pl/files/apache_report.pdf" + }, + { + "name": "1018304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018304" + }, + { + "name": "27563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27563" + }, + { + "name": "27732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27732" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&revision=547987", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&revision=547987" + }, + { + "name": "103179", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1" + }, + { + "name": "27209", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27209" + }, + { + "name": "RHSA-2007:0662", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0662.html" + }, + { + "name": "26790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26790" + }, + { + "name": "RHSA-2007:0556", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0556.html" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_20.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_20.html" + }, + { + "name": "SUSE-SA:2007:061", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" + }, + { + "name": "20070529 Apache httpd vulenrabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/469899/100/0/threaded" + }, + { + "name": "FEDORA-2007-2214", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" + }, + { + "name": "[apache-httpd-dev] 20070622 Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)", + "refsource": "MLIST", + "url": "http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2" + }, + { + "name": "26759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26759" + }, + { + "name": "ADV-2007-3494", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3494" + }, + { + "name": "PK50467", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only" + }, + { + "name": "2007-0026", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0026/" + }, + { + "name": "RHSA-2007:0532", + "refsource": "REDHAT", + "url": "http://www.redhat.com/errata/RHSA-2007-0532.html" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_22.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_22.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1710", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1710" + }, + { + "name": "[apache-httpd-dev] 20070629 Re: [PATCH] pid safety checks for 2.2.x", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e" + }, + { + "name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded" + }, + { + "name": "2814", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2814" + }, + { + "name": "oval:org.mitre.oval:def:11589", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589" + }, + { + "name": "27121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27121" + }, + { + "name": "20070619 Apache Prefork MPM vulnerabilities - Report", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471832/100/0/threaded" + }, + { + "name": "ADV-2008-0233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0233" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html" + }, + { + "name": "26211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26211" + }, + { + "name": "apache-child-process-dos(35095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095" + }, + { + "name": "26443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26443" + }, + { + "name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html" + }, + { + "name": "http://httpd.apache.org/security/vulnerabilities_13.html", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/security/vulnerabilities_13.html" + }, + { + "name": "GLSA-200711-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" + }, + { + "name": "28224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28224" + }, + { + "name": "200032", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1" + }, + { + "name": "25830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25830" + }, + { + "name": "24215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24215" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-363.htm" + }, + { + "name": "USN-499-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-499-1" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "26508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26508" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm" + }, + { + "name": "26842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26842" + }, + { + "name": "ADV-2007-3283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3283" + }, + { + "name": "20070701-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc" + }, + { + "name": "PK53984", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984" + }, + { + "name": "ADV-2007-2727", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2727" + }, + { + "name": "26611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26611" + }, + { + "name": "26273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26273" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=186219", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" + }, + { + "name": "ADV-2007-3100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3100" + }, + { + "name": "SSRT071476", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3493.json b/2007/3xxx/CVE-2007-3493.json index 962a2dcbfc7..077ba55f9a4 100644 --- a/2007/3xxx/CVE-2007-3493.json +++ b/2007/3xxx/CVE-2007-3493.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4109", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4109" - }, - { - "name" : "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html" - }, - { - "name" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last", - "refsource" : "MISC", - "url" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last" - }, - { - "name" : "24656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24656" - }, - { - "name" : "ADV-2007-2351", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2351" - }, - { - "name" : "37673", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37673" - }, - { - "name" : "25851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25851" - }, - { - "name" : "nctaudiostudio2-createfile-file-overwrite(35081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4109", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4109" + }, + { + "name": "37673", + "refsource": "OSVDB", + "url": "http://osvdb.org/37673" + }, + { + "name": "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/exploits/ntcwavchunkstxt.html" + }, + { + "name": "25851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25851" + }, + { + "name": "nctaudiostudio2-createfile-file-overwrite(35081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35081" + }, + { + "name": "24656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24656" + }, + { + "name": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last", + "refsource": "MISC", + "url": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1182845325.ff.php&page=last" + }, + { + "name": "ADV-2007-2351", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2351" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3859.json b/2007/3xxx/CVE-2007-3859.json index 918565da026..1e3c549d2e9 100644 --- a/2007/3xxx/CVE-2007-3859.json +++ b/2007/3xxx/CVE-2007-3859.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", - "refsource" : "MISC", - "url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" - }, - { - "name" : "TA07-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-200A.html" - }, - { - "name" : "ADV-2007-2562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2562" - }, - { - "name" : "ADV-2007-2635", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2635" - }, - { - "name" : "1018415", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018415" - }, - { - "name" : "26114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26114" - }, - { - "name" : "26166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26166" - }, - { - "name" : "oracle-cpu-july2007(35490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" + }, + { + "name": "26114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26114" + }, + { + "name": "26166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26166" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html" + }, + { + "name": "TA07-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html" + }, + { + "name": "ADV-2007-2562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2562" + }, + { + "name": "ADV-2007-2635", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2635" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" + }, + { + "name": "oracle-cpu-july2007(35490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490" + }, + { + "name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", + "refsource": "MISC", + "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf" + }, + { + "name": "1018415", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018415" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4530.json b/2007/4xxx/CVE-2007-4530.json index 8e436290379..7aeac4c2838 100644 --- a/2007/4xxx/CVE-2007-4530.json +++ b/2007/4xxx/CVE-2007-4530.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070823 Re: TeamSpeak 2 Server Vulnerabilities?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477424/100/0/threaded" - }, - { - "name" : "20070511 Teamspeak Server 2.0.20.1 Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html" - }, - { - "name" : "http://securityvulns.com/Rdocument6.html", - "refsource" : "MISC", - "url" : "http://securityvulns.com/Rdocument6.html" - }, - { - "name" : "23933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23933" - }, - { - "name" : "36048", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36048" - }, - { - "name" : "36049", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36049" - }, - { - "name" : "25242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25242" - }, - { - "name" : "teamspeak-errorbox-okbox-xss(34252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070823 Re: TeamSpeak 2 Server Vulnerabilities?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477424/100/0/threaded" + }, + { + "name": "23933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23933" + }, + { + "name": "36048", + "refsource": "OSVDB", + "url": "http://osvdb.org/36048" + }, + { + "name": "25242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25242" + }, + { + "name": "http://securityvulns.com/Rdocument6.html", + "refsource": "MISC", + "url": "http://securityvulns.com/Rdocument6.html" + }, + { + "name": "36049", + "refsource": "OSVDB", + "url": "http://osvdb.org/36049" + }, + { + "name": "20070511 Teamspeak Server 2.0.20.1 Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0165.html" + }, + { + "name": "teamspeak-errorbox-okbox-xss(34252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34252" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4605.json b/2007/4xxx/CVE-2007-4605.json index 795638c5364..d276f10d458 100644 --- a/2007/4xxx/CVE-2007-4605.json +++ b/2007/4xxx/CVE-2007-4605.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4332", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4332" - }, - { - "name" : "vwar-mvcw-file-include(36316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4332", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4332" + }, + { + "name": "vwar-mvcw-file-include(36316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36316" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4958.json b/2007/4xxx/CVE-2007-4958.json index 8f66f96f5b2..9d20cdc6527 100644 --- a/2007/4xxx/CVE-2007-4958.json +++ b/2007/4xxx/CVE-2007-4958.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25689" - }, - { - "name" : "ADV-2007-3186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3186" - }, - { - "name" : "26841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26841" - }, - { - "name" : "tinywebgallery-multiple-scripts-xss(36644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3186" + }, + { + "name": "26841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26841" + }, + { + "name": "25689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25689" + }, + { + "name": "tinywebgallery-multiple-scripts-xss(36644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36644" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5063.json b/2014/5xxx/CVE-2014-5063.json index cabfa37103e..7fdd74211ab 100644 --- a/2014/5xxx/CVE-2014-5063.json +++ b/2014/5xxx/CVE-2014-5063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5854.json b/2014/5xxx/CVE-2014-5854.json index 30c456f4d7b..1708ce9cc1a 100644 --- a/2014/5xxx/CVE-2014-5854.json +++ b/2014/5xxx/CVE-2014-5854.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#525825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/525825" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#525825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/525825" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2218.json b/2015/2xxx/CVE-2015-2218.json index e9dc69bbd55..fe2cac932ac 100644 --- a/2015/2xxx/CVE-2015-2218.json +++ b/2015/2xxx/CVE-2015-2218.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36086", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36086" - }, - { - "name" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html", - "refsource" : "MISC", - "url" : "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html" - }, - { - "name" : "http://www.wonderplugin.com/wordpress-audio-player/", - "refsource" : "MISC", - "url" : "http://www.wonderplugin.com/wordpress-audio-player/" - }, - { - "name" : "74851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74851" - }, - { - "name" : "118510", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118510" - }, - { - "name" : "118511", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/118511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html", + "refsource": "MISC", + "url": "http://security.szurek.pl/wonderplugin-audio-player-20-blind-sql-injection-and-xss.html" + }, + { + "name": "118511", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118511" + }, + { + "name": "74851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74851" + }, + { + "name": "36086", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36086" + }, + { + "name": "118510", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/118510" + }, + { + "name": "http://www.wonderplugin.com/wordpress-audio-player/", + "refsource": "MISC", + "url": "http://www.wonderplugin.com/wordpress-audio-player/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2311.json b/2015/2xxx/CVE-2015-2311.json index 7848482e9e6..3603a030833 100644 --- a/2015/2xxx/CVE-2015-2311.json +++ b/2015/2xxx/CVE-2015-2311.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-2311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566" - }, - { - "name" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md" - }, - { - "name" : "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633", - "refsource" : "CONFIRM", - "url" : "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566" + }, + { + "name": "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/17/3" + }, + { + "name": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md", + "refsource": "CONFIRM", + "url": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md" + }, + { + "name": "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633", + "refsource": "CONFIRM", + "url": "https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2733.json b/2015/2xxx/CVE-2015-2733.json index 6800a8d30ef..bf3ba601d67 100644 --- a/2015/2xxx/CVE-2015-2733.json +++ b/2015/2xxx/CVE-2015-2733.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:1207", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1207.html" - }, - { - "name" : "SUSE-SU-2015:1268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:1269", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:1229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" - }, - { - "name" : "USN-2656-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-1" - }, - { - "name" : "USN-2656-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2656-2" - }, - { - "name" : "75541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75541" - }, - { - "name" : "1032783", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032783" - }, - { - "name" : "1032784", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" + }, + { + "name": "SUSE-SU-2015:1268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867" + }, + { + "name": "75541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75541" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "1032784", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032784" + }, + { + "name": "RHSA-2015:1207", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1207.html" + }, + { + "name": "SUSE-SU-2015:1269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html" + }, + { + "name": "USN-2656-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-1" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "1032783", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032783" + }, + { + "name": "USN-2656-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2656-2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2881.json b/2015/2xxx/CVE-2015-2881.json index 3782150b39a..faf38445add 100644 --- a/2015/2xxx/CVE-2015-2881.json +++ b/2015/2xxx/CVE-2015-2881.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2015-2881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gynoii", - "version" : { - "version_data" : [ - { - "version_value" : "Gynoii" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "backdoor" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-2881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Gynoii", + "version": { + "version_data": [ + { + "version_value": "Gynoii" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "backdoor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2944.json b/2015/2xxx/CVE-2015-2944.json index f735420ac35..fbe4c8bbb3d 100644 --- a/2015/2xxx/CVE-2015-2944.json +++ b/2015/2xxx/CVE-2015-2944.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-2944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.apache.org/jira/browse/SLING-2082", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/SLING-2082" - }, - { - "name" : "JVN#61328139", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN61328139/index.html" - }, - { - "name" : "JVNDB-2015-000069", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069" - }, - { - "name" : "74839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#61328139", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN61328139/index.html" + }, + { + "name": "74839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74839" + }, + { + "name": "https://issues.apache.org/jira/browse/SLING-2082", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/SLING-2082" + }, + { + "name": "JVNDB-2015-000069", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000069" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6213.json b/2015/6xxx/CVE-2015-6213.json index 8b721278ee8..ab4d7eaac2e 100644 --- a/2015/6xxx/CVE-2015-6213.json +++ b/2015/6xxx/CVE-2015-6213.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6213", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6213", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6256.json b/2015/6xxx/CVE-2015-6256.json index b47b058f527..bd0a97590bc 100644 --- a/2015/6xxx/CVE-2015-6256.json +++ b/2015/6xxx/CVE-2015-6256.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150820 Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40585" - }, - { - "name" : "1033355", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150820 Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40585" + }, + { + "name": "1033355", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033355" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6865.json b/2015/6xxx/CVE-2015-6865.json index 08c4ae97010..0ed1bbabfb9 100644 --- a/2015/6xxx/CVE-2015-6865.json +++ b/2015/6xxx/CVE-2015-6865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6865", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6865", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6888.json b/2015/6xxx/CVE-2015-6888.json index dce02ef43bf..96df1a08893 100644 --- a/2015/6xxx/CVE-2015-6888.json +++ b/2015/6xxx/CVE-2015-6888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6888", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6888", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7044.json b/2015/7xxx/CVE-2015-7044.json index 88d53579f7a..dc4f0c4bc4e 100644 --- a/2015/7xxx/CVE-2015-7044.json +++ b/2015/7xxx/CVE-2015-7044.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205637", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205637" - }, - { - "name" : "APPLE-SA-2015-12-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" - }, - { - "name" : "1034344", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205637", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205637" + }, + { + "name": "1034344", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034344" + }, + { + "name": "APPLE-SA-2015-12-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7743.json b/2015/7xxx/CVE-2015-7743.json index e2152d5bae7..be1b8a395de 100644 --- a/2015/7xxx/CVE-2015-7743.json +++ b/2015/7xxx/CVE-2015-7743.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html" - }, - { - "name" : "https://www.paessler.com/prtg/history/stable#16.2.23.3077", - "refsource" : "CONFIRM", - "url" : "https://www.paessler.com/prtg/history/stable#16.2.23.3077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html" + }, + { + "name": "https://www.paessler.com/prtg/history/stable#16.2.23.3077", + "refsource": "CONFIRM", + "url": "https://www.paessler.com/prtg/history/stable#16.2.23.3077" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7754.json b/2015/7xxx/CVE-2015-7754.json index 81d421cec2b..770d5a3f57f 100644 --- a/2015/7xxx/CVE-2015-7754.json +++ b/2015/7xxx/CVE-2015-7754.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712" - }, - { - "name" : "79627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79627" - }, - { - "name" : "1034490", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79627" + }, + { + "name": "1034490", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034490" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7841.json b/2015/7xxx/CVE-2015-7841.json index fce761a7b68..568b3b3250f 100644 --- a/2015/7xxx/CVE-2015-7841.json +++ b/2015/7xxx/CVE-2015-7841.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a \"user creation command.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm" - }, - { - "name" : "76836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a \"user creation command.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm", + "refsource": "CONFIRM", + "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm" + }, + { + "name": "76836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76836" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7921.json b/2015/7xxx/CVE-2015-7921.json index 94d57cf4797..25a2bb86e54 100644 --- a/2015/7xxx/CVE-2015-7921.json +++ b/2015/7xxx/CVE-2015-7921.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-7921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7982.json b/2015/7xxx/CVE-2015-7982.json index 1c5b8eacb9b..fae97671947 100644 --- a/2015/7xxx/CVE-2015-7982.json +++ b/2015/7xxx/CVE-2015-7982.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7982", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7982", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0032.json b/2016/0xxx/CVE-2016-0032.json index 16f18160f0d..8c168c695ed 100644 --- a/2016/0xxx/CVE-2016-0032.json +++ b/2016/0xxx/CVE-2016-0032.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Exchange Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010" - }, - { - "name" : "1034647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Exchange Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010" + }, + { + "name": "1034647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034647" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0128.json b/2016/0xxx/CVE-2016-0128.json index 990b8184d46..5f826d8f9a7 100644 --- a/2016/0xxx/CVE-2016-0128.json +++ b/2016/0xxx/CVE-2016-0128.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"Windows SAM and LSAD Downgrade Vulnerability\" or \"BADLOCK.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.samba.org/samba/security/CVE-2016-2118.html", - "refsource" : "MISC", - "url" : "https://www.samba.org/samba/security/CVE-2016-2118.html" - }, - { - "name" : "http://badlock.org/", - "refsource" : "MISC", - "url" : "http://badlock.org/" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa122", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa122" - }, - { - "name" : "MS16-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-047" - }, - { - "name" : "VU#813296", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/813296" - }, - { - "name" : "1035534", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"Windows SAM and LSAD Downgrade Vulnerability\" or \"BADLOCK.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://badlock.org/", + "refsource": "MISC", + "url": "http://badlock.org/" + }, + { + "name": "MS16-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-047" + }, + { + "name": "VU#813296", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/813296" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2016-2118.html", + "refsource": "MISC", + "url": "https://www.samba.org/samba/security/CVE-2016-2118.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa122", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa122" + }, + { + "name": "1035534", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035534" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0735.json b/2016/0xxx/CVE-2016-0735.json index 8db169a2926..f20092df9c6 100644 --- a/2016/0xxx/CVE-2016-0735.json +++ b/2016/0xxx/CVE-2016-0735.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ranger-dev] 20160328 CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/ranger-dev/201603.mbox/%3CD31EE434.14B879%25vel%40apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[ranger-dev] 20160328 CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/ranger-dev/201603.mbox/%3CD31EE434.14B879%25vel%40apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000196.json b/2016/1000xxx/CVE-2016-1000196.json index 1cf2024f6c4..52aab8f16d2 100644 --- a/2016/1000xxx/CVE-2016-1000196.json +++ b/2016/1000xxx/CVE-2016-1000196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10236.json b/2016/10xxx/CVE-2016-10236.json index 5af99f4b873..c35487c1d17 100644 --- a/2016/10xxx/CVE-2016-10236.json +++ b/2016/10xxx/CVE-2016-10236.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-04-03T00:00:00", - "ID" : "CVE-2016-10236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-04-03T00:00:00", + "ID": "CVE-2016-10236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97359" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97359" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1493.json b/2016/1xxx/CVE-2016-1493.json index 440335d3b0c..dd9b489f060 100644 --- a/2016/1xxx/CVE-2016-1493.json +++ b/2016/1xxx/CVE-2016-1493.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537327/100/0/threaded" - }, - { - "name" : "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Jan/56" - }, - { - "name" : "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html" - }, - { - "name" : "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135314/Intel-Driver-Update-Utility-2.2.0.5-Man-In-The-Middle.html" + }, + { + "name": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00048&languageid=en-fr" + }, + { + "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537327/100/0/threaded" + }, + { + "name": "20160119 [CORE-2016-0001] - Intel Driver Update Utility MiTM", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Jan/56" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1695.json b/2016/1xxx/CVE-2016-1695.json index 8df0175b377..2d39411a340 100644 --- a/2016/1xxx/CVE-2016-1695.json +++ b/2016/1xxx/CVE-2016-1695.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" - }, - { - "name" : "https://crbug.com/582698", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/582698" - }, - { - "name" : "https://crbug.com/582714", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/582714" - }, - { - "name" : "https://crbug.com/585658", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/585658" - }, - { - "name" : "https://crbug.com/587897", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/587897" - }, - { - "name" : "https://crbug.com/588178", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/588178" - }, - { - "name" : "https://crbug.com/588548", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/588548" - }, - { - "name" : "https://crbug.com/595262", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/595262" - }, - { - "name" : "https://crbug.com/599081", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/599081" - }, - { - "name" : "https://crbug.com/599627", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/599627" - }, - { - "name" : "https://crbug.com/602046", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/602046" - }, - { - "name" : "https://crbug.com/602185", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/602185" - }, - { - "name" : "https://crbug.com/605474", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/605474" - }, - { - "name" : "https://crbug.com/607483", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/607483" - }, - { - "name" : "https://crbug.com/609134", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/609134" - }, - { - "name" : "https://crbug.com/610646", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/610646" - }, - { - "name" : "https://crbug.com/611887", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/611887" - }, - { - "name" : "https://crbug.com/612132", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/612132" - }, - { - "name" : "https://crbug.com/612364", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/612364" - }, - { - "name" : "https://crbug.com/612613", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/612613" - }, - { - "name" : "https://crbug.com/614767", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/614767" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-18", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-18" - }, - { - "name" : "DSA-3590", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3590" - }, - { - "name" : "GLSA-201607-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-07" - }, - { - "name" : "RHSA-2016:1190", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1190" - }, - { - "name" : "openSUSE-SU-2016:1430", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" - }, - { - "name" : "openSUSE-SU-2016:1433", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" - }, - { - "name" : "openSUSE-SU-2016:1496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" - }, - { - "name" : "USN-2992-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2992-1" - }, - { - "name" : "90876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90876" - }, - { - "name" : "1035981", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/582714", + "refsource": "CONFIRM", + "url": "https://crbug.com/582714" + }, + { + "name": "https://crbug.com/602185", + "refsource": "CONFIRM", + "url": "https://crbug.com/602185" + }, + { + "name": "https://crbug.com/614767", + "refsource": "CONFIRM", + "url": "https://crbug.com/614767" + }, + { + "name": "https://crbug.com/599081", + "refsource": "CONFIRM", + "url": "https://crbug.com/599081" + }, + { + "name": "https://crbug.com/588178", + "refsource": "CONFIRM", + "url": "https://crbug.com/588178" + }, + { + "name": "90876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90876" + }, + { + "name": "https://crbug.com/611887", + "refsource": "CONFIRM", + "url": "https://crbug.com/611887" + }, + { + "name": "https://crbug.com/612132", + "refsource": "CONFIRM", + "url": "https://crbug.com/612132" + }, + { + "name": "https://crbug.com/610646", + "refsource": "CONFIRM", + "url": "https://crbug.com/610646" + }, + { + "name": "https://crbug.com/605474", + "refsource": "CONFIRM", + "url": "https://crbug.com/605474" + }, + { + "name": "openSUSE-SU-2016:1496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html" + }, + { + "name": "1035981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035981" + }, + { + "name": "DSA-3590", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3590" + }, + { + "name": "https://crbug.com/602046", + "refsource": "CONFIRM", + "url": "https://crbug.com/602046" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" + }, + { + "name": "https://crbug.com/607483", + "refsource": "CONFIRM", + "url": "https://crbug.com/607483" + }, + { + "name": "https://crbug.com/585658", + "refsource": "CONFIRM", + "url": "https://crbug.com/585658" + }, + { + "name": "USN-2992-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2992-1" + }, + { + "name": "openSUSE-SU-2016:1430", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html" + }, + { + "name": "https://www.tenable.com/security/tns-2016-18", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-18" + }, + { + "name": "https://crbug.com/582698", + "refsource": "CONFIRM", + "url": "https://crbug.com/582698" + }, + { + "name": "RHSA-2016:1190", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1190" + }, + { + "name": "https://crbug.com/612364", + "refsource": "CONFIRM", + "url": "https://crbug.com/612364" + }, + { + "name": "https://crbug.com/599627", + "refsource": "CONFIRM", + "url": "https://crbug.com/599627" + }, + { + "name": "https://crbug.com/587897", + "refsource": "CONFIRM", + "url": "https://crbug.com/587897" + }, + { + "name": "https://crbug.com/609134", + "refsource": "CONFIRM", + "url": "https://crbug.com/609134" + }, + { + "name": "https://crbug.com/595262", + "refsource": "CONFIRM", + "url": "https://crbug.com/595262" + }, + { + "name": "https://crbug.com/588548", + "refsource": "CONFIRM", + "url": "https://crbug.com/588548" + }, + { + "name": "GLSA-201607-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-07" + }, + { + "name": "https://crbug.com/612613", + "refsource": "CONFIRM", + "url": "https://crbug.com/612613" + }, + { + "name": "openSUSE-SU-2016:1433", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1774.json b/2016/1xxx/CVE-2016-1774.json index 69bad93839c..c7e9e13a26e 100644 --- a/2016/1xxx/CVE-2016-1774.json +++ b/2016/1xxx/CVE-2016-1774.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206173", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206173" - }, - { - "name" : "APPLE-SA-2016-03-21-7", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html" - }, - { - "name" : "85054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85054" - }, - { - "name" : "1035342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035342" + }, + { + "name": "85054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85054" + }, + { + "name": "https://support.apple.com/HT206173", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206173" + }, + { + "name": "APPLE-SA-2016-03-21-7", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4212.json b/2016/4xxx/CVE-2016-4212.json index d42a8a9a862..6c3dabada15 100644 --- a/2016/4xxx/CVE-2016-4212.json +++ b/2016/4xxx/CVE-2016-4212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html" - }, - { - "name" : "91716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91716" - }, - { - "name" : "1036281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91716" + }, + { + "name": "1036281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036281" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb16-26.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4943.json b/2016/4xxx/CVE-2016-4943.json index e414b11c0c4..456f3af1427 100644 --- a/2016/4xxx/CVE-2016-4943.json +++ b/2016/4xxx/CVE-2016-4943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1003xxx/CVE-2019-1003036.json b/2019/1003xxx/CVE-2019-1003036.json index c8403b8f57a..8585ce0246e 100644 --- a/2019/1003xxx/CVE-2019-1003036.json +++ b/2019/1003xxx/CVE-2019-1003036.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-03-06T22:44:37.386888", - "ID" : "CVE-2019-1003036", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Azure VM Agents Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "0.8.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285, CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "DATE_ASSIGNED": "2019-03-06T22:44:37.386888", + "ID": "CVE-2019-1003036", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jenkins Azure VM Agents Plugin", + "version": { + "version_data": [ + { + "version_value": "0.8.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285, CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3088.json b/2019/3xxx/CVE-2019-3088.json index f4e0993fcc4..bdad9863e25 100644 --- a/2019/3xxx/CVE-2019-3088.json +++ b/2019/3xxx/CVE-2019-3088.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3088", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3088", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3171.json b/2019/3xxx/CVE-2019-3171.json index eb0eb9b6240..6e41f0d9712 100644 --- a/2019/3xxx/CVE-2019-3171.json +++ b/2019/3xxx/CVE-2019-3171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3182.json b/2019/3xxx/CVE-2019-3182.json index 0d14ec6567b..3957d0d6572 100644 --- a/2019/3xxx/CVE-2019-3182.json +++ b/2019/3xxx/CVE-2019-3182.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3182", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3182", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3597.json b/2019/3xxx/CVE-2019-3597.json index 6d03b6e11d0..d7006df1e1c 100644 --- a/2019/3xxx/CVE-2019-3597.json +++ b/2019/3xxx/CVE-2019-3597.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3597", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3597", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4255.json b/2019/4xxx/CVE-2019-4255.json index 9d731302273..75a016d9239 100644 --- a/2019/4xxx/CVE-2019-4255.json +++ b/2019/4xxx/CVE-2019-4255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4463.json b/2019/4xxx/CVE-2019-4463.json index 65c86e2b557..d504f79c256 100644 --- a/2019/4xxx/CVE-2019-4463.json +++ b/2019/4xxx/CVE-2019-4463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4676.json b/2019/4xxx/CVE-2019-4676.json index 1323bc1dffe..3b91bbec65c 100644 --- a/2019/4xxx/CVE-2019-4676.json +++ b/2019/4xxx/CVE-2019-4676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4914.json b/2019/4xxx/CVE-2019-4914.json index b0db11a55d3..8db8318ab10 100644 --- a/2019/4xxx/CVE-2019-4914.json +++ b/2019/4xxx/CVE-2019-4914.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4914", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4914", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6521.json b/2019/6xxx/CVE-2019-6521.json index 5710374c2ee..99b4a370ff2 100644 --- a/2019/6xxx/CVE-2019-6521.json +++ b/2019/6xxx/CVE-2019-6521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2019-6521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2019-6521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01" - }, - { - "name" : "106722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01" + }, + { + "name": "106722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106722" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6539.json b/2019/6xxx/CVE-2019-6539.json index fb3e768ead5..fee515a4870 100644 --- a/2019/6xxx/CVE-2019-6539.json +++ b/2019/6xxx/CVE-2019-6539.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2019-6539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WECON LeviStudioU", - "version" : { - "version_data" : [ - { - "version_value" : "LeviStudioU Versions 1.8.56 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2019-6539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WECON LeviStudioU", + "version": { + "version_data": [ + { + "version_value": "LeviStudioU Versions 1.8.56 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03" - }, - { - "name" : "106861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106861" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-03" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7588.json b/2019/7xxx/CVE-2019-7588.json index 12a38b58d0a..433a302fae4 100644 --- a/2019/7xxx/CVE-2019-7588.json +++ b/2019/7xxx/CVE-2019-7588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7636.json b/2019/7xxx/CVE-2019-7636.json index a1891ae6487..848f317a54f 100644 --- a/2019/7xxx/CVE-2019-7636.json +++ b/2019/7xxx/CVE-2019-7636.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html" - }, - { - "name" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4499", - "refsource" : "MISC", - "url" : "https://bugzilla.libsdl.org/show_bug.cgi?id=4499" - }, - { - "name" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720", - "refsource" : "MISC", - "url" : "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html" + }, + { + "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html" + }, + { + "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4499", + "refsource": "MISC", + "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4499" + }, + { + "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720", + "refsource": "MISC", + "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7804.json b/2019/7xxx/CVE-2019-7804.json index 2966d3938a1..ad9880fc6ee 100644 --- a/2019/7xxx/CVE-2019-7804.json +++ b/2019/7xxx/CVE-2019-7804.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7804", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7804", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8668.json b/2019/8xxx/CVE-2019-8668.json index afcf89df1b6..e43386f2aaa 100644 --- a/2019/8xxx/CVE-2019-8668.json +++ b/2019/8xxx/CVE-2019-8668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8837.json b/2019/8xxx/CVE-2019-8837.json index 2497c010c6f..a08fdfa8939 100644 --- a/2019/8xxx/CVE-2019-8837.json +++ b/2019/8xxx/CVE-2019-8837.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8837", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8837", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8903.json b/2019/8xxx/CVE-2019-8903.json index 329dd2c2dc5..452ffc9cbcb 100644 --- a/2019/8xxx/CVE-2019-8903.json +++ b/2019/8xxx/CVE-2019-8903.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.js in Total.js Platform before 3.2.3 allows path traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7", - "refsource" : "MISC", - "url" : "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7" - }, - { - "name" : "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b", - "refsource" : "MISC", - "url" : "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.js in Total.js Platform before 3.2.3 allows path traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7", + "refsource": "MISC", + "url": "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7" + }, + { + "name": "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b", + "refsource": "MISC", + "url": "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9445.json b/2019/9xxx/CVE-2019-9445.json index cf0e8fd8bd2..201865c1602 100644 --- a/2019/9xxx/CVE-2019-9445.json +++ b/2019/9xxx/CVE-2019-9445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9479.json b/2019/9xxx/CVE-2019-9479.json index 82006c2a12e..5a3822ff053 100644 --- a/2019/9xxx/CVE-2019-9479.json +++ b/2019/9xxx/CVE-2019-9479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9640.json b/2019/9xxx/CVE-2019-9640.json index 61f4c893e55..e01f83da42a 100644 --- a/2019/9xxx/CVE-2019-9640.json +++ b/2019/9xxx/CVE-2019-9640.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=77540", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=77540" - }, - { - "name" : "DSA-4403", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4403", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4403" + }, + { + "name": "https://bugs.php.net/bug.php?id=77540", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=77540" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9758.json b/2019/9xxx/CVE-2019-9758.json index e8109baec2f..742667fb696 100644 --- a/2019/9xxx/CVE-2019-9758.json +++ b/2019/9xxx/CVE-2019-9758.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9758", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9758", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file