From 7c2b6c2798df816c799229c4af095a6961cad66e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:36:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0864.json | 160 +++++++++---------- 1999/1xxx/CVE-1999-1413.json | 130 ++++++++-------- 2005/2xxx/CVE-2005-2851.json | 170 ++++++++++---------- 2005/2xxx/CVE-2005-2895.json | 140 ++++++++--------- 2007/1xxx/CVE-2007-1243.json | 150 +++++++++--------- 2007/1xxx/CVE-2007-1848.json | 150 +++++++++--------- 2007/5xxx/CVE-2007-5341.json | 140 ++++++++--------- 2007/5xxx/CVE-2007-5617.json | 200 ++++++++++++------------ 2007/5xxx/CVE-2007-5628.json | 140 ++++++++--------- 2007/5xxx/CVE-2007-5634.json | 140 ++++++++--------- 2007/5xxx/CVE-2007-5888.json | 160 +++++++++---------- 2009/2xxx/CVE-2009-2471.json | 240 ++++++++++++++--------------- 2015/3xxx/CVE-2015-3492.json | 34 ++-- 2015/3xxx/CVE-2015-3673.json | 160 +++++++++---------- 2015/3xxx/CVE-2015-3951.json | 130 ++++++++-------- 2015/4xxx/CVE-2015-4650.json | 130 ++++++++-------- 2015/7xxx/CVE-2015-7423.json | 140 ++++++++--------- 2015/7xxx/CVE-2015-7737.json | 34 ++-- 2015/8xxx/CVE-2015-8614.json | 190 +++++++++++------------ 2015/8xxx/CVE-2015-8818.json | 200 ++++++++++++------------ 2015/8xxx/CVE-2015-8860.json | 130 ++++++++-------- 2015/9xxx/CVE-2015-9042.json | 132 ++++++++-------- 2015/9xxx/CVE-2015-9135.json | 132 ++++++++-------- 2016/1xxx/CVE-2016-1170.json | 140 ++++++++--------- 2016/1xxx/CVE-2016-1312.json | 140 ++++++++--------- 2016/1xxx/CVE-2016-1763.json | 140 ++++++++--------- 2016/1xxx/CVE-2016-1940.json | 150 +++++++++--------- 2016/5xxx/CVE-2016-5987.json | 130 ++++++++-------- 2018/1999xxx/CVE-2018-1999037.json | 120 +++++++-------- 2018/2xxx/CVE-2018-2184.json | 34 ++-- 2018/2xxx/CVE-2018-2623.json | 142 ++++++++--------- 2018/2xxx/CVE-2018-2703.json | 190 +++++++++++------------ 2018/2xxx/CVE-2018-2945.json | 142 ++++++++--------- 2018/6xxx/CVE-2018-6555.json | 238 ++++++++++++++-------------- 2019/0xxx/CVE-2019-0217.json | 34 ++-- 2019/0xxx/CVE-2019-0494.json | 34 ++-- 2019/0xxx/CVE-2019-0802.json | 34 ++-- 2019/0xxx/CVE-2019-0921.json | 34 ++-- 2019/1xxx/CVE-2019-1365.json | 34 ++-- 2019/1xxx/CVE-2019-1445.json | 34 ++-- 2019/1xxx/CVE-2019-1695.json | 34 ++-- 2019/1xxx/CVE-2019-1992.json | 132 ++++++++-------- 2019/4xxx/CVE-2019-4233.json | 34 ++-- 2019/4xxx/CVE-2019-4305.json | 34 ++-- 2019/4xxx/CVE-2019-4844.json | 34 ++-- 2019/4xxx/CVE-2019-4933.json | 34 ++-- 2019/5xxx/CVE-2019-5130.json | 34 ++-- 2019/5xxx/CVE-2019-5261.json | 34 ++-- 2019/5xxx/CVE-2019-5380.json | 34 ++-- 2019/5xxx/CVE-2019-5602.json | 34 ++-- 50 files changed, 2770 insertions(+), 2770 deletions(-) diff --git a/1999/0xxx/CVE-1999-0864.json b/1999/0xxx/CVE-1999-0864.json index 5efa77f9111..55e18efb5fe 100644 --- a/1999/0xxx/CVE-1999-0864.json +++ b/1999/0xxx/CVE-1999-0864.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991202 UnixWare coredumps follow symlinks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net" - }, - { - "name" : "19991215 Recent postings about SCO UnixWare 7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94530783815434&w=2" - }, - { - "name" : "19991223 FYI, SCO Security patches available.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94606167110764&w=2" - }, - { - "name" : "19991220 SCO OpenServer Security Status", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94581379905584&w=2" - }, - { - "name" : "851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19991220 SCO OpenServer Security Status", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94581379905584&w=2" + }, + { + "name": "851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/851" + }, + { + "name": "19991215 Recent postings about SCO UnixWare 7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94530783815434&w=2" + }, + { + "name": "19991223 FYI, SCO Security patches available.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94606167110764&w=2" + }, + { + "name": "19991202 UnixWare coredumps follow symlinks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1413.json b/1999/1xxx/CVE-1999-1413.json index 4db45a82448..2a21ed11358 100644 --- a/1999/1xxx/CVE-1999-1413.json +++ b/1999/1xxx/CVE-1999-1413.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19960803 Exploiting Zolaris 2.4 ?? :)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=87602167419549&w=2" - }, - { - "name" : "296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19960803 Exploiting Zolaris 2.4 ?? :)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=87602167419549&w=2" + }, + { + "name": "296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/296" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2851.json b/2005/2xxx/CVE-2005-2851.json index b17d6241204..59447479e37 100644 --- a/2005/2xxx/CVE-2005-2851.json +++ b/2005/2xxx/CVE-2005-2851.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smb4k.berlios.de/", - "refsource" : "CONFIRM", - "url" : "http://smb4k.berlios.de/" - }, - { - "name" : "GLSA-200511-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-15.xml" - }, - { - "name" : "MDKSA-2005:157", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:157" - }, - { - "name" : "14756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14756" - }, - { - "name" : "16724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16724" - }, - { - "name" : "17636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:157", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:157" + }, + { + "name": "16724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16724" + }, + { + "name": "14756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14756" + }, + { + "name": "GLSA-200511-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-15.xml" + }, + { + "name": "http://smb4k.berlios.de/", + "refsource": "CONFIRM", + "url": "http://smb4k.berlios.de/" + }, + { + "name": "17636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17636" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2895.json b/2005/2xxx/CVE-2005-2895.json index b9e443665f1..9ca3c0ade6f 100644 --- a/2005/2xxx/CVE-2005-2895.json +++ b/2005/2xxx/CVE-2005-2895.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050907 PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112611338417979&w=2" - }, - { - "name" : "1014861", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Sep/1014861.html" - }, - { - "name" : "pblang-path-disclosure(22191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014861", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Sep/1014861.html" + }, + { + "name": "pblang-path-disclosure(22191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22191" + }, + { + "name": "20050907 PBLang 4.65 (possibly prior versions) remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112611338417979&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1243.json b/2007/1xxx/CVE-2007-1243.json index c2942386b70..5e80c1385ac 100644 --- a/2007/1xxx/CVE-2007-1243.json +++ b/2007/1xxx/CVE-2007-1243.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22728" - }, - { - "name" : "33792", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33792" - }, - { - "name" : "24254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24254" - }, - { - "name" : "audins-unistall-authentication-bypass(32707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22728" + }, + { + "name": "33792", + "refsource": "OSVDB", + "url": "http://osvdb.org/33792" + }, + { + "name": "24254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24254" + }, + { + "name": "audins-unistall-authentication-bypass(32707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32707" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1848.json b/2007/1xxx/CVE-2007-1848.json index d281e82b36e..74df7385372 100644 --- a/2007/1xxx/CVE-2007-1848.json +++ b/2007/1xxx/CVE-2007-1848.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated \"We do not consider security reports valid until the first official release of Drake CMS.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070330 DrakeCMS multiple vulerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464272/100/0/threaded" - }, - { - "name" : "23216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23216" - }, - { - "name" : "2522", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2522" - }, - { - "name" : "drakecms-uidta-xss(33332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated \"We do not consider security reports valid until the first official release of Drake CMS.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "drakecms-uidta-xss(33332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33332" + }, + { + "name": "23216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23216" + }, + { + "name": "20070330 DrakeCMS multiple vulerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464272/100/0/threaded" + }, + { + "name": "2522", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2522" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5341.json b/2007/5xxx/CVE-2007-5341.json index a23505d414b..ee244fcf256 100644 --- a/2007/5xxx/CVE-2007-5341.json +++ b/2007/5xxx/CVE-2007-5341.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-5341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=325761", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=325761" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=345305", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=345305" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=332512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=332512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=345305", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=345305" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=332512", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=332512" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=325761", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=325761" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5617.json b/2007/5xxx/CVE-2007-5617.json index 5d6b930a3a8..a6a3cd6a787 100644 --- a/2007/5xxx/CVE-2007-5617.json +++ b/2007/5xxx/CVE-2007-5617.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" - }, - { - "name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "GLSA-200711-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-23.xml" - }, - { - "name" : "ADV-2007-3229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3229" - }, - { - "name" : "26890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26890" - }, - { - "name" : "27706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html" + }, + { + "name": "GLSA-200711-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-23.xml" + }, + { + "name": "ADV-2007-3229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3229" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "26890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26890" + }, + { + "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" + }, + { + "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "27706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27706" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5628.json b/2007/5xxx/CVE-2007-5628.json index dbff1f44117..6c339eec231 100644 --- a/2007/5xxx/CVE-2007-5628.json +++ b/2007/5xxx/CVE-2007-5628.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4555", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4555" - }, - { - "name" : "26165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26165" - }, - { - "name" : "towels-scripture-file-include(37381)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4555", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4555" + }, + { + "name": "26165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26165" + }, + { + "name": "towels-scripture-file-include(37381)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37381" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5634.json b/2007/5xxx/CVE-2007-5634.json index 246662b954d..3c80c901844 100644 --- a/2007/5xxx/CVE-2007-5634.json +++ b/2007/5xxx/CVE-2007-5634.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service (machine crash) and possibly gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugtrack.almico.com/view.php?id=987", - "refsource" : "MISC", - "url" : "http://www.bugtrack.almico.com/view.php?id=987" - }, - { - "name" : "27312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27312" - }, - { - "name" : "speedfan-speedfan-dos(37299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service (machine crash) and possibly gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "speedfan-speedfan-dos(37299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37299" + }, + { + "name": "http://www.bugtrack.almico.com/view.php?id=987", + "refsource": "MISC", + "url": "http://www.bugtrack.almico.com/view.php?id=987" + }, + { + "name": "27312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27312" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5888.json b/2007/5xxx/CVE-2007-5888.json index d071b67fea1..0b396fa8225 100644 --- a/2007/5xxx/CVE-2007-5888.json +++ b/2007/5xxx/CVE-2007-5888.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://coppermine-gallery.net/forum/index.php?topic=48106.0", - "refsource" : "CONFIRM", - "url" : "http://coppermine-gallery.net/forum/index.php?topic=48106.0" - }, - { - "name" : "26357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26357" - }, - { - "name" : "38420", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38420" - }, - { - "name" : "27534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27534" - }, - { - "name" : "coppermine-displayecard-xss(38290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27534" + }, + { + "name": "coppermine-displayecard-xss(38290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38290" + }, + { + "name": "26357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26357" + }, + { + "name": "38420", + "refsource": "OSVDB", + "url": "http://osvdb.org/38420" + }, + { + "name": "http://coppermine-gallery.net/forum/index.php?topic=48106.0", + "refsource": "CONFIRM", + "url": "http://coppermine-gallery.net/forum/index.php?topic=48106.0" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2471.json b/2009/2xxx/CVE-2009-2471.json index 47d2f281ba0..481ecb766ac 100644 --- a/2009/2xxx/CVE-2009-2471.json +++ b/2009/2xxx/CVE-2009-2471.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-39.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-39.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460882", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460882" - }, - { - "name" : "FEDORA-2009-7961", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" - }, - { - "name" : "RHSA-2009:1162", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-1162.html" - }, - { - "name" : "SUSE-SA:2009:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:039", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" - }, - { - "name" : "35758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35758" - }, - { - "name" : "oval:org.mitre.oval:def:10572", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10572" - }, - { - "name" : "35914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35914" - }, - { - "name" : "35944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35944" - }, - { - "name" : "36145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36145" - }, - { - "name" : "36005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36005" - }, - { - "name" : "ADV-2009-1972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-39.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-39.html" + }, + { + "name": "FEDORA-2009-7961", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" + }, + { + "name": "36145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36145" + }, + { + "name": "35944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35944" + }, + { + "name": "SUSE-SA:2009:039", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" + }, + { + "name": "RHSA-2009:1162", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html" + }, + { + "name": "35758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35758" + }, + { + "name": "36005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36005" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=460882", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=460882" + }, + { + "name": "SUSE-SA:2009:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" + }, + { + "name": "35914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35914" + }, + { + "name": "ADV-2009-1972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1972" + }, + { + "name": "oval:org.mitre.oval:def:10572", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10572" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3492.json b/2015/3xxx/CVE-2015-3492.json index 08ee74bf8bf..63a93d3f8cc 100644 --- a/2015/3xxx/CVE-2015-3492.json +++ b/2015/3xxx/CVE-2015-3492.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3492", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3492", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3673.json b/2015/3xxx/CVE-2015-3673.json index 1ee4fc2502b..6632da1468f 100644 --- a/2015/3xxx/CVE-2015-3673.json +++ b/2015/3xxx/CVE-2015-3673.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-3673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38036", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38036/" - }, - { - "name" : "http://support.apple.com/kb/HT204942", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT204942" - }, - { - "name" : "APPLE-SA-2015-06-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" - }, - { - "name" : "75493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75493" - }, - { - "name" : "1032760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-06-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" + }, + { + "name": "75493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75493" + }, + { + "name": "1032760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032760" + }, + { + "name": "38036", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38036/" + }, + { + "name": "http://support.apple.com/kb/HT204942", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT204942" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3951.json b/2015/3xxx/CVE-2015-3951.json index 971c4681b23..dd00a3a8497 100644 --- a/2015/3xxx/CVE-2015-3951.json +++ b/2015/3xxx/CVE-2015-3951.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-3951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01" - }, - { - "name" : "75163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75163" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4650.json b/2015/4xxx/CVE-2015-4650.json index 97fffadb6f1..90cabc3fa37 100644 --- a/2015/4xxx/CVE-2015-4650.json +++ b/2015/4xxx/CVE-2015-4650.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt" - }, - { - "name" : "76115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt" + }, + { + "name": "76115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76115" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7423.json b/2015/7xxx/CVE-2015-7423.json index 73058f78bad..56643e7d519 100644 --- a/2015/7xxx/CVE-2015-7423.json +++ b/2015/7xxx/CVE-2015-7423.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-7423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971543", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971543" - }, - { - "name" : "103687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103687" - }, - { - "name" : "ibm-infosphere-cve20157423-xss(107771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/107771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103687" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971543", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971543" + }, + { + "name": "ibm-infosphere-cve20157423-xss(107771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107771" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7737.json b/2015/7xxx/CVE-2015-7737.json index d63d877666f..b1f01752a9e 100644 --- a/2015/7xxx/CVE-2015-7737.json +++ b/2015/7xxx/CVE-2015-7737.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7737", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7737", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8614.json b/2015/8xxx/CVE-2015-8614.json index c99dc8780e9..302c9c98e2f 100644 --- a/2015/8xxx/CVE-2015-8614.json +++ b/2015/8xxx/CVE-2015-8614.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-8614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151221 Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/22/2" - }, - { - "name" : "[oss-security] 20151221 mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/21/10" - }, - { - "name" : "http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82", - "refsource" : "CONFIRM", - "url" : "http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82" - }, - { - "name" : "http://www.claws-mail.org/news.php", - "refsource" : "CONFIRM", - "url" : "http://www.claws-mail.org/news.php" - }, - { - "name" : "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557", - "refsource" : "CONFIRM", - "url" : "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557" - }, - { - "name" : "DSA-3452", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3452" - }, - { - "name" : "GLSA-201606-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-11" - }, - { - "name" : "openSUSE-SU-2016:0002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.claws-mail.org/news.php", + "refsource": "CONFIRM", + "url": "http://www.claws-mail.org/news.php" + }, + { + "name": "GLSA-201606-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-11" + }, + { + "name": "[oss-security] 20151221 Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/22/2" + }, + { + "name": "openSUSE-SU-2016:0002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00000.html" + }, + { + "name": "DSA-3452", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3452" + }, + { + "name": "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557", + "refsource": "CONFIRM", + "url": "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557" + }, + { + "name": "http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82", + "refsource": "CONFIRM", + "url": "http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82" + }, + { + "name": "[oss-security] 20151221 mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/21/10" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8818.json b/2015/8xxx/CVE-2015-8818.json index 1ec302ae0ee..823421e41a4 100644 --- a/2015/8xxx/CVE-2015-8818.json +++ b/2015/8xxx/CVE-2015-8818.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-8818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/01/1" - }, - { - "name" : "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/01/10" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300771", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300771" - }, - { - "name" : "RHSA-2016:2670", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2670.html" - }, - { - "name" : "RHSA-2016:2671", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2671.html" - }, - { - "name" : "RHSA-2016:2704", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2704.html" - }, - { - "name" : "RHSA-2016:2705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2705.html" - }, - { - "name" : "RHSA-2016:2706", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2706.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:2671", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771" + }, + { + "name": "RHSA-2016:2706", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html" + }, + { + "name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/01/1" + }, + { + "name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/01/10" + }, + { + "name": "RHSA-2016:2705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html" + }, + { + "name": "RHSA-2016:2670", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63" + }, + { + "name": "RHSA-2016:2704", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8860.json b/2015/8xxx/CVE-2015-8860.json index 5d7f1c34d52..e9d00e19f72 100644 --- a/2015/8xxx/CVE-2015-8860.json +++ b/2015/8xxx/CVE-2015-8860.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" - }, - { - "name" : "https://nodesecurity.io/advisories/57", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/57" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/57", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/57" + }, + { + "name": "[oss-security] 20160420 various vulnerabilities in Node.js packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/11" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9042.json b/2015/9xxx/CVE-2015-9042.json index 52264e930ab..60e4ceb049f 100644 --- a/2015/9xxx/CVE-2015-9042.json +++ b/2015/9xxx/CVE-2015-9042.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2015-9042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in QMI" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2015-9042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in QMI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99467" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9135.json b/2015/9xxx/CVE-2015-9135.json index 5da8b00c6a6..c425d2358dd 100644 --- a/2015/9xxx/CVE-2015-9135.json +++ b/2015/9xxx/CVE-2015-9135.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2015-9135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in a QTEE syscall handler, an untrusted pointer dereference can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2015-9135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in a QTEE syscall handler, an untrusted pointer dereference can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1170.json b/2016/1xxx/CVE-2016-1170.json index 60cc775502b..c5eb04e843d 100644 --- a/2016/1xxx/CVE-2016-1170.json +++ b/2016/1xxx/CVE-2016-1170.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hiniarata.jp/news/archives/55", - "refsource" : "CONFIRM", - "url" : "https://hiniarata.jp/news/archives/55" - }, - { - "name" : "JVN#55801246", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55801246/index.html" - }, - { - "name" : "JVNDB-2016-000045", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hiniarata.jp/news/archives/55", + "refsource": "CONFIRM", + "url": "https://hiniarata.jp/news/archives/55" + }, + { + "name": "JVN#55801246", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55801246/index.html" + }, + { + "name": "JVNDB-2016-000045", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000045" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1312.json b/2016/1xxx/CVE-2016-1312.json index 942f96e1ef0..f05c6e47539 100644 --- a/2016/1xxx/CVE-2016-1312.json +++ b/2016/1xxx/CVE-2016-1312.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160309 Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc" - }, - { - "name" : "84281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84281" - }, - { - "name" : "1035230", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84281" + }, + { + "name": "20160309 Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc" + }, + { + "name": "1035230", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035230" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1763.json b/2016/1xxx/CVE-2016-1763.json index 4c4e1efe153..df23bf23b11 100644 --- a/2016/1xxx/CVE-2016-1763.json +++ b/2016/1xxx/CVE-2016-1763.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-1763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206166", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206166" - }, - { - "name" : "APPLE-SA-2016-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" - }, - { - "name" : "1035353", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035353", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035353" + }, + { + "name": "APPLE-SA-2016-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" + }, + { + "name": "https://support.apple.com/HT206166", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206166" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1940.json b/2016/1xxx/CVE-2016-1940.json index b39ea7c0d7a..073e826498e 100644 --- a/2016/1xxx/CVE-2016-1940.json +++ b/2016/1xxx/CVE-2016-1940.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-1940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-05.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1208525", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1208525" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "1034825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034825" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208525", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208525" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-05.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-05.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5987.json b/2016/5xxx/CVE-2016-5987.json index 04df6b2f32f..57f03077579 100644 --- a/2016/5xxx/CVE-2016-5987.json +++ b/2016/5xxx/CVE-2016-5987.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-5987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990449", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" - }, - { - "name" : "93511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93511" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999037.json b/2018/1999xxx/CVE-2018-1999037.json index 6171a9b0c54..1ecfa3437cf 100644 --- a/2018/1999xxx/CVE-2018-1999037.json +++ b/2018/1999xxx/CVE-2018-1999037.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2018-1999037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1999037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-997", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-997", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-997" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2184.json b/2018/2xxx/CVE-2018-2184.json index 3a061fec65f..0b5015d2bc5 100644 --- a/2018/2xxx/CVE-2018-2184.json +++ b/2018/2xxx/CVE-2018-2184.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2184", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2184", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2623.json b/2018/2xxx/CVE-2018-2623.json index 253d4e8287d..407bc29bd9e 100644 --- a/2018/2xxx/CVE-2018-2623.json +++ b/2018/2xxx/CVE-2018-2623.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "8.7.13" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.7.13" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102590" - }, - { - "name" : "1040215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040215" + }, + { + "name": "102590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102590" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2703.json b/2018/2xxx/CVE-2018-2703.json index 2b9d38955f4..c828c39b710 100644 --- a/2018/2xxx/CVE-2018-2703.json +++ b/2018/2xxx/CVE-2018-2703.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.38 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.20 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.38 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.20 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/" - }, - { - "name" : "RHSA-2018:0586", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0586" - }, - { - "name" : "RHSA-2018:0587", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0587" - }, - { - "name" : "USN-3537-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3537-1/" - }, - { - "name" : "102704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102704" - }, - { - "name" : "1040216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0587", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0587" + }, + { + "name": "USN-3537-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3537-1/" + }, + { + "name": "RHSA-2018:0586", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0586" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "102704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102704" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0002/" + }, + { + "name": "1040216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040216" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2945.json b/2018/2xxx/CVE-2018-2945.json index a11c9526214..0a58d8710e4 100644 --- a/2018/2xxx/CVE-2018-2945.json +++ b/2018/2xxx/CVE-2018-2945.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JD Edwards EnterpriseOne Tools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JD Edwards EnterpriseOne Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104789" - }, - { - "name" : "1041305", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104789" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041305", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041305" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6555.json b/2018/6xxx/CVE-2018-6555.json index 42cb2f421ef..b343460004a 100644 --- a/2018/6xxx/CVE-2018-6555.json +++ b/2018/6xxx/CVE-2018-6555.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@ubuntu.com", - "DATE_PUBLIC" : "2018-09-04T15:00:00.000Z", - "ID" : "CVE-2018-6555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "before 4.17" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "DATE_PUBLIC": "2018-09-04T15:00:00.000Z", + "ID": "CVE-2018-6555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux Kernel", + "version": { + "version_data": [ + { + "version_value": "before 4.17" + } + ] + } + } + ] + }, + "vendor_name": "Linux Kernel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[stable] 20180904 [PATCH 2/2] irda: Only insert new objects into the global database via setsockopt", - "refsource" : "MLIST", - "url" : "https://www.spinics.net/lists/stable/msg255031.html" - }, - { - "name" : "[stable] 20180904 [PATCH 2/2] irda: Only insert new objects into the global database via setsockopt", - "refsource" : "MLIST", - "url" : "https://www.spinics.net/lists/stable/msg255035.html" - }, - { - "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" - }, - { - "name" : "DSA-4308", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4308" - }, - { - "name" : "USN-3775-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-2/" - }, - { - "name" : "USN-3776-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-1/" - }, - { - "name" : "USN-3776-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3776-2/" - }, - { - "name" : "USN-3777-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-1/" - }, - { - "name" : "USN-3777-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-2/" - }, - { - "name" : "USN-3775-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3775-1/" - }, - { - "name" : "USN-3777-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3777-3/" - }, - { - "name" : "105304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105304" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3776-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-1/" + }, + { + "name": "USN-3776-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3776-2/" + }, + { + "name": "[stable] 20180904 [PATCH 2/2] irda: Only insert new objects into the global database via setsockopt", + "refsource": "MLIST", + "url": "https://www.spinics.net/lists/stable/msg255035.html" + }, + { + "name": "USN-3777-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-1/" + }, + { + "name": "USN-3775-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-1/" + }, + { + "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" + }, + { + "name": "DSA-4308", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4308" + }, + { + "name": "USN-3775-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3775-2/" + }, + { + "name": "105304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105304" + }, + { + "name": "USN-3777-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-2/" + }, + { + "name": "[stable] 20180904 [PATCH 2/2] irda: Only insert new objects into the global database via setsockopt", + "refsource": "MLIST", + "url": "https://www.spinics.net/lists/stable/msg255031.html" + }, + { + "name": "USN-3777-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3777-3/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0217.json b/2019/0xxx/CVE-2019-0217.json index ca404d41fa3..072eec8940c 100644 --- a/2019/0xxx/CVE-2019-0217.json +++ b/2019/0xxx/CVE-2019-0217.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0217", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0217", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0494.json b/2019/0xxx/CVE-2019-0494.json index 857812c0767..80c5d12efc8 100644 --- a/2019/0xxx/CVE-2019-0494.json +++ b/2019/0xxx/CVE-2019-0494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0802.json b/2019/0xxx/CVE-2019-0802.json index d2576290513..e2c8e2e94b2 100644 --- a/2019/0xxx/CVE-2019-0802.json +++ b/2019/0xxx/CVE-2019-0802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0802", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0802", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0921.json b/2019/0xxx/CVE-2019-0921.json index d191cd5f98b..0521100a3d6 100644 --- a/2019/0xxx/CVE-2019-0921.json +++ b/2019/0xxx/CVE-2019-0921.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0921", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0921", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1365.json b/2019/1xxx/CVE-2019-1365.json index 2b87f181fc5..5ccb056d869 100644 --- a/2019/1xxx/CVE-2019-1365.json +++ b/2019/1xxx/CVE-2019-1365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1445.json b/2019/1xxx/CVE-2019-1445.json index af64579f21f..911e2b0a6eb 100644 --- a/2019/1xxx/CVE-2019-1445.json +++ b/2019/1xxx/CVE-2019-1445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1695.json b/2019/1xxx/CVE-2019-1695.json index 0e18e8708fd..f86fc9b6aaf 100644 --- a/2019/1xxx/CVE-2019-1695.json +++ b/2019/1xxx/CVE-2019-1695.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1992.json b/2019/1xxx/CVE-2019-1992.json index 3533af18e3e..0bf7b62fb2f 100644 --- a/2019/1xxx/CVE-2019-1992.json +++ b/2019/1xxx/CVE-2019-1992.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2019-02-04T00:00:00", - "ID" : "CVE-2019-1992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Android" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2019-02-04T00:00:00", + "ID": "CVE-2019-1992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Android" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2019-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2019-02-01" - }, - { - "name" : "106946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2019-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2019-02-01" + }, + { + "name": "106946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106946" + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4233.json b/2019/4xxx/CVE-2019-4233.json index 98e4583c0e8..afb19c69ad3 100644 --- a/2019/4xxx/CVE-2019-4233.json +++ b/2019/4xxx/CVE-2019-4233.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4233", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4233", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4305.json b/2019/4xxx/CVE-2019-4305.json index b31ff1eadd5..3d29dc902ab 100644 --- a/2019/4xxx/CVE-2019-4305.json +++ b/2019/4xxx/CVE-2019-4305.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4305", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4305", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4844.json b/2019/4xxx/CVE-2019-4844.json index 4cdbc3a2a01..704fb4f8e2b 100644 --- a/2019/4xxx/CVE-2019-4844.json +++ b/2019/4xxx/CVE-2019-4844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4933.json b/2019/4xxx/CVE-2019-4933.json index 1f6553d5354..ad99ca4fa5f 100644 --- a/2019/4xxx/CVE-2019-4933.json +++ b/2019/4xxx/CVE-2019-4933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4933", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4933", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5130.json b/2019/5xxx/CVE-2019-5130.json index 77bac8a200b..9fc397aea3a 100644 --- a/2019/5xxx/CVE-2019-5130.json +++ b/2019/5xxx/CVE-2019-5130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5261.json b/2019/5xxx/CVE-2019-5261.json index 051a19777ee..f93d8f0e820 100644 --- a/2019/5xxx/CVE-2019-5261.json +++ b/2019/5xxx/CVE-2019-5261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5380.json b/2019/5xxx/CVE-2019-5380.json index a3f1f72a306..2ba6e877c22 100644 --- a/2019/5xxx/CVE-2019-5380.json +++ b/2019/5xxx/CVE-2019-5380.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5380", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5380", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5602.json b/2019/5xxx/CVE-2019-5602.json index 100bc2c3c8f..642edebee95 100644 --- a/2019/5xxx/CVE-2019-5602.json +++ b/2019/5xxx/CVE-2019-5602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5602", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5602", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file