diff --git a/2007/0xxx/CVE-2007-0150.json b/2007/0xxx/CVE-2007-0150.json index 4a660040ca3..1ca28c1aa7c 100644 --- a/2007/0xxx/CVE-2007-0150.json +++ b/2007/0xxx/CVE-2007-0150.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070107 Dayfox Blog Remote File Include Vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456212/100/0/threaded" - }, - { - "name" : "ADV-2007-0099", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0099" - }, - { - "name" : "31259", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31259" - }, - { - "name" : "23661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23661" - }, - { - "name" : "2117", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2117" - }, - { - "name" : "dayfoxblog-index-file-include(31336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23661" + }, + { + "name": "ADV-2007-0099", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0099" + }, + { + "name": "20070107 Dayfox Blog Remote File Include Vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456212/100/0/threaded" + }, + { + "name": "31259", + "refsource": "OSVDB", + "url": "http://osvdb.org/31259" + }, + { + "name": "2117", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2117" + }, + { + "name": "dayfoxblog-index-file-include(31336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31336" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0377.json b/2007/0xxx/CVE-2007-0377.json index df2f86f48db..eda15d57921 100644 --- a/2007/0xxx/CVE-2007-0377.json +++ b/2007/0xxx/CVE-2007-0377.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070204 Sql injection bugs in Xoops 2.0.16 + Weblinks module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/459150/100/0/threaded" - }, - { - "name" : "20070118 The vulnerabilities festival !", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" - }, - { - "name" : "http://www.hackers.ir/advisories/festival.txt", - "refsource" : "MISC", - "url" : "http://www.hackers.ir/advisories/festival.txt" - }, - { - "name" : "22399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22399" - }, - { - "name" : "33684", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33684" - }, - { - "name" : "33685", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070204 Sql injection bugs in Xoops 2.0.16 + Weblinks module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/459150/100/0/threaded" + }, + { + "name": "20070118 The vulnerabilities festival !", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" + }, + { + "name": "22399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22399" + }, + { + "name": "33684", + "refsource": "OSVDB", + "url": "http://osvdb.org/33684" + }, + { + "name": "33685", + "refsource": "OSVDB", + "url": "http://osvdb.org/33685" + }, + { + "name": "http://www.hackers.ir/advisories/festival.txt", + "refsource": "MISC", + "url": "http://www.hackers.ir/advisories/festival.txt" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0933.json b/2007/0xxx/CVE-2007-0933.json index 11ff7af9e71..1efc6136760 100644 --- a/2007/0xxx/CVE-2007-0933.json +++ b/2007/0xxx/CVE-2007-0933.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf" - }, - { - "name" : "24438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24438" - }, - { - "name" : "36160", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36160" - }, - { - "name" : "25602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25602" - }, - { - "name" : "dlink-tim-information-bo(34831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25602" + }, + { + "name": "36160", + "refsource": "OSVDB", + "url": "http://osvdb.org/36160" + }, + { + "name": "dlink-tim-information-bo(34831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34831" + }, + { + "name": "http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf", + "refsource": "MISC", + "url": "http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf" + }, + { + "name": "24438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24438" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3108.json b/2007/3xxx/CVE-2007-3108.json index f0f46819d27..e60520a7ac4 100644 --- a/2007/3xxx/CVE-2007-3108.json +++ b/2007/3xxx/CVE-2007-3108.json @@ -1,287 +1,287 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-3108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070813 FLEA-2007-0043-1 openssl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476341/100/0/threaded" - }, - { - "name" : "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485936/100/0/threaded" - }, - { - "name" : "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486859/100/0/threaded" - }, - { - "name" : "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2008/000002.html" - }, - { - "name" : "http://cvs.openssl.org/chngview?cn=16275", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/chngview?cn=16275" - }, - { - "name" : "http://openssl.org/news/patch-CVE-2007-3108.txt", - "refsource" : "CONFIRM", - "url" : "http://openssl.org/news/patch-CVE-2007-3108.txt" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/RGII-74KLP3", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/RGII-74KLP3" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1613", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1613" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1633", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1633" - }, - { - "name" : "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability", - "refsource" : "CONFIRM", - "url" : "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0001.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" - }, - { - "name" : "http://support.attachmate.com/techdocs/2374.html", - "refsource" : "CONFIRM", - "url" : "http://support.attachmate.com/techdocs/2374.html" - }, - { - "name" : "DSA-1571", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1571" - }, - { - "name" : "GLSA-200710-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200710-06.xml" - }, - { - "name" : "GLSA-200805-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" - }, - { - "name" : "MDKSA-2007:193", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193" - }, - { - "name" : "RHSA-2007:0964", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0964.html" - }, - { - "name" : "RHSA-2007:0813", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0813.html" - }, - { - "name" : "RHSA-2007:1003", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1003.html" - }, - { - "name" : "USN-522-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/522-1/" - }, - { - "name" : "VU#724968", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/724968" - }, - { - "name" : "25163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25163" - }, - { - "name" : "oval:org.mitre.oval:def:9984", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984" - }, - { - "name" : "ADV-2007-2759", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2759" - }, - { - "name" : "ADV-2007-4010", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4010" - }, - { - "name" : "ADV-2008-0064", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0064" - }, - { - "name" : "ADV-2008-2396", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2396" - }, - { - "name" : "ADV-2008-2361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2361" - }, - { - "name" : "ADV-2008-2362", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2362" - }, - { - "name" : "26411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26411" - }, - { - "name" : "26893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26893" - }, - { - "name" : "27021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27021" - }, - { - "name" : "27097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27097" - }, - { - "name" : "27078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27078" - }, - { - "name" : "27205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27205" - }, - { - "name" : "27330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27330" - }, - { - "name" : "27770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27770" - }, - { - "name" : "27870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27870" - }, - { - "name" : "28368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28368" - }, - { - "name" : "30161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30161" - }, - { - "name" : "30220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30220" - }, - { - "name" : "31467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31467" - }, - { - "name" : "31489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31489" - }, - { - "name" : "31531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.attachmate.com/techdocs/2374.html", + "refsource": "CONFIRM", + "url": "http://support.attachmate.com/techdocs/2374.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/RGII-74KLP3", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/RGII-74KLP3" + }, + { + "name": "VU#724968", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/724968" + }, + { + "name": "26893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26893" + }, + { + "name": "DSA-1571", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1571" + }, + { + "name": "27205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27205" + }, + { + "name": "20070813 FLEA-2007-0043-1 openssl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476341/100/0/threaded" + }, + { + "name": "27097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27097" + }, + { + "name": "ADV-2008-2362", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2362" + }, + { + "name": "ADV-2007-2759", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2759" + }, + { + "name": "oval:org.mitre.oval:def:9984", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984" + }, + { + "name": "31489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31489" + }, + { + "name": "RHSA-2007:1003", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html" + }, + { + "name": "31531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31531" + }, + { + "name": "MDKSA-2007:193", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193" + }, + { + "name": "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability", + "refsource": "CONFIRM", + "url": "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability" + }, + { + "name": "30220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30220" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1633", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1633" + }, + { + "name": "ADV-2007-4010", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4010" + }, + { + "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded" + }, + { + "name": "27770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27770" + }, + { + "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html" + }, + { + "name": "26411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26411" + }, + { + "name": "USN-522-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/522-1/" + }, + { + "name": "http://openssl.org/news/patch-CVE-2007-3108.txt", + "refsource": "CONFIRM", + "url": "http://openssl.org/news/patch-CVE-2007-3108.txt" + }, + { + "name": "ADV-2008-2361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2361" + }, + { + "name": "31467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31467" + }, + { + "name": "RHSA-2007:0964", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html" + }, + { + "name": "27870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27870" + }, + { + "name": "ADV-2008-2396", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2396" + }, + { + "name": "27330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27330" + }, + { + "name": "30161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30161" + }, + { + "name": "GLSA-200805-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" + }, + { + "name": "28368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28368" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm" + }, + { + "name": "27078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27078" + }, + { + "name": "GLSA-200710-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml" + }, + { + "name": "http://cvs.openssl.org/chngview?cn=16275", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/chngview?cn=16275" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1613", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1613" + }, + { + "name": "RHSA-2007:0813", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html" + }, + { + "name": "25163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25163" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html" + }, + { + "name": "ADV-2008-0064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0064" + }, + { + "name": "27021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27021" + }, + { + "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3822.json b/2007/3xxx/CVE-2007-3822.json index faed9434f06..cb4f9f75dbe 100644 --- a/2007/3xxx/CVE-2007-3822.json +++ b/2007/3xxx/CVE-2007-3822.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070714 Session Riding and multiple XSS in WebCit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/473714/100/0/threaded" - }, - { - "name" : "24913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24913" - }, - { - "name" : "38176", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38176" - }, - { - "name" : "38177", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38177" - }, - { - "name" : "38178", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38178" - }, - { - "name" : "38179", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38179" - }, - { - "name" : "38180", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38180" - }, - { - "name" : "26090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26090" - }, - { - "name" : "2890", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2890" - }, - { - "name" : "webcit-multiple-xss(35433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38179", + "refsource": "OSVDB", + "url": "http://osvdb.org/38179" + }, + { + "name": "38177", + "refsource": "OSVDB", + "url": "http://osvdb.org/38177" + }, + { + "name": "38180", + "refsource": "OSVDB", + "url": "http://osvdb.org/38180" + }, + { + "name": "24913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24913" + }, + { + "name": "2890", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2890" + }, + { + "name": "38178", + "refsource": "OSVDB", + "url": "http://osvdb.org/38178" + }, + { + "name": "20070714 Session Riding and multiple XSS in WebCit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded" + }, + { + "name": "26090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26090" + }, + { + "name": "webcit-multiple-xss(35433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35433" + }, + { + "name": "38176", + "refsource": "OSVDB", + "url": "http://osvdb.org/38176" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3892.json b/2007/3xxx/CVE-2007-3892.json index cb93c83d320..310e69579e1 100644 --- a/2007/3xxx/CVE-2007-3892.json +++ b/2007/3xxx/CVE-2007-3892.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other \"trust UI\" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-3892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02280", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" - }, - { - "name" : "SSRT071480", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded" - }, - { - "name" : "MS07-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" - }, - { - "name" : "TA07-282A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" - }, - { - "name" : "25915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25915" - }, - { - "name" : "ADV-2007-3437", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3437" - }, - { - "name" : "oval:org.mitre.oval:def:2244", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2244" - }, - { - "name" : "1018788", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018788" - }, - { - "name" : "27133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other \"trust UI\" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST02280", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" + }, + { + "name": "SSRT071480", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded" + }, + { + "name": "ADV-2007-3437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3437" + }, + { + "name": "1018788", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018788" + }, + { + "name": "25915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25915" + }, + { + "name": "27133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27133" + }, + { + "name": "MS07-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057" + }, + { + "name": "oval:org.mitre.oval:def:2244", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2244" + }, + { + "name": "TA07-282A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3994.json b/2007/3xxx/CVE-2007-3994.json index b2c76201906..90934d44487 100644 --- a/2007/3xxx/CVE-2007-3994.json +++ b/2007/3xxx/CVE-2007-3994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3994", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3994", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4086.json b/2007/4xxx/CVE-2007-4086.json index 7c6ad8edaa3..92813ce9657 100644 --- a/2007/4xxx/CVE-2007-4086.json +++ b/2007/4xxx/CVE-2007-4086.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" - }, - { - "name" : "37872", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37872" - }, - { - "name" : "37873", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37873" - }, - { - "name" : "37874", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37874" - }, - { - "name" : "37875", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37875" - }, - { - "name" : "37876", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37876" - }, - { - "name" : "37877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37877" - }, - { - "name" : "37878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37877", + "refsource": "OSVDB", + "url": "http://osvdb.org/37877" + }, + { + "name": "37873", + "refsource": "OSVDB", + "url": "http://osvdb.org/37873" + }, + { + "name": "37874", + "refsource": "OSVDB", + "url": "http://osvdb.org/37874" + }, + { + "name": "37875", + "refsource": "OSVDB", + "url": "http://osvdb.org/37875" + }, + { + "name": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html" + }, + { + "name": "37876", + "refsource": "OSVDB", + "url": "http://osvdb.org/37876" + }, + { + "name": "37878", + "refsource": "OSVDB", + "url": "http://osvdb.org/37878" + }, + { + "name": "37872", + "refsource": "OSVDB", + "url": "http://osvdb.org/37872" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4130.json b/2007/4xxx/CVE-2007-4130.json index c500271f147..84bbc7d36aa 100644 --- a/2007/4xxx/CVE-2007-4130.json +++ b/2007/4xxx/CVE-2007-4130.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-4130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=179665", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=179665" - }, - { - "name" : "RHSA-2008:0055", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0055.html" - }, - { - "name" : "27556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27556" - }, - { - "name" : "oval:org.mitre.oval:def:11437", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11437" - }, - { - "name" : "28748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11437", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11437" + }, + { + "name": "27556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27556" + }, + { + "name": "28748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28748" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=179665", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=179665" + }, + { + "name": "RHSA-2008:0055", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0055.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4305.json b/2007/4xxx/CVE-2007-4305.json index b73a9456684..663eea20fa3 100644 --- a/2007/4xxx/CVE-2007-4305.json +++ b/2007/4xxx/CVE-2007-4305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.watson.org/~robert/2007woot/", - "refsource" : "MISC", - "url" : "http://www.watson.org/~robert/2007woot/" - }, - { - "name" : "25258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25258" - }, - { - "name" : "26479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26479" + }, + { + "name": "http://www.watson.org/~robert/2007woot/", + "refsource": "MISC", + "url": "http://www.watson.org/~robert/2007woot/" + }, + { + "name": "25258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25258" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4859.json b/2007/4xxx/CVE-2007-4859.json index 807c9adf5a1..0b1c26b1cc9 100644 --- a/2007/4xxx/CVE-2007-4859.json +++ b/2007/4xxx/CVE-2007-4859.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4859", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4859", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5358.json b/2014/5xxx/CVE-2014-5358.json index 34adef7b5cc..3a6dab38ea7 100644 --- a/2014/5xxx/CVE-2014-5358.json +++ b/2014/5xxx/CVE-2014-5358.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5358", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5358", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5370.json b/2014/5xxx/CVE-2014-5370.json index 52ca8cafd81..b5886e50ef1 100644 --- a/2014/5xxx/CVE-2014-5370.json +++ b/2014/5xxx/CVE-2014-5370.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36815", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36815/" - }, - { - "name" : "20150417 CVE-2014-5370 - Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/49" - }, - { - "name" : "http://packetstormsecurity.com/files/131504/BlueDragon-CFChart-Servlet-7.1.1.17759-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131504/BlueDragon-CFChart-Servlet-7.1.1.17759-Directory-Traversal.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5370/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5370/" - }, - { - "name" : "119527", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/119527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/131504/BlueDragon-CFChart-Servlet-7.1.1.17759-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131504/BlueDragon-CFChart-Servlet-7.1.1.17759-Directory-Traversal.html" + }, + { + "name": "20150417 CVE-2014-5370 - Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/49" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5370/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5370/" + }, + { + "name": "36815", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36815/" + }, + { + "name": "119527", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/119527" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5713.json b/2014/5xxx/CVE-2014-5713.json index 5fbbb0cca62..7fd09b75b6f 100644 --- a/2014/5xxx/CVE-2014-5713.json +++ b/2014/5xxx/CVE-2014-5713.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#171361", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/171361" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#171361", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/171361" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2135.json b/2015/2xxx/CVE-2015-2135.json index 50319df3d47..a8783965097 100644 --- a/2015/2xxx/CVE-2015-2135.json +++ b/2015/2xxx/CVE-2015-2135.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-2135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04756070", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04756070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04756070", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04756070" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2173.json b/2015/2xxx/CVE-2015-2173.json index e6bbeef723f..dd342cb4188 100644 --- a/2015/2xxx/CVE-2015-2173.json +++ b/2015/2xxx/CVE-2015-2173.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2429.json b/2015/2xxx/CVE-2015-2429.json index 8b38702dfe0..424bbed9af0 100644 --- a/2015/2xxx/CVE-2015-2429.json +++ b/2015/2xxx/CVE-2015-2429.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka \"Windows Registry Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-459", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-459" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-379", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-379" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-380", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-380" - }, - { - "name" : "MS15-090", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-090" - }, - { - "name" : "1033251", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka \"Windows Registry Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-090", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-090" + }, + { + "name": "1033251", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033251" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-459", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-459" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-379", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-379" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-380", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-380" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2797.json b/2015/2xxx/CVE-2015-2797.json index 163de35a433..e953384ff80 100644 --- a/2015/2xxx/CVE-2015-2797.json +++ b/2015/2xxx/CVE-2015-2797.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36577", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36577/" - }, - { - "name" : "37170", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37170/" - }, - { - "name" : "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/", - "refsource" : "MISC", - "url" : "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/" - }, - { - "name" : "75355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75355" - }, - { - "name" : "120335", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/120335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75355" + }, + { + "name": "37170", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37170/" + }, + { + "name": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/", + "refsource": "MISC", + "url": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/" + }, + { + "name": "36577", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36577/" + }, + { + "name": "120335", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/120335" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2817.json b/2015/2xxx/CVE-2015-2817.json index 0c996d6db14..60ead05f0d4 100644 --- a/2015/2xxx/CVE-2015-2817.json +++ b/2015/2xxx/CVE-2015-2817.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150625 [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535829/100/800/threaded" - }, - { - "name" : "20150623 ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/65" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-15-007-sap-management-console-readprofile-parameters-information-disclosure/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-15-007-sap-management-console-readprofile-parameters-information-disclosure/" - }, - { - "name" : "http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html" - }, - { - "name" : "73705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132359/SAP-Management-Console-Information-Disclosure.html" + }, + { + "name": "https://erpscan.io/advisories/erpscan-15-007-sap-management-console-readprofile-parameters-information-disclosure/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-15-007-sap-management-console-readprofile-parameters-information-disclosure/" + }, + { + "name": "73705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73705" + }, + { + "name": "20150625 [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535829/100/800/threaded" + }, + { + "name": "20150623 ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/65" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6034.json b/2015/6xxx/CVE-2015-6034.json index 2677fd19b71..2ec45a7f164 100644 --- a/2015/6xxx/CVE-2015-6034.json +++ b/2015/6xxx/CVE-2015-6034.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-6034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.epson.com/cgi-bin/Store/support/supAdvice.jsp?type=highlights¬eoid=288045", - "refsource" : "CONFIRM", - "url" : "https://www.epson.com/cgi-bin/Store/support/supAdvice.jsp?type=highlights¬eoid=288045" - }, - { - "name" : "VU#672500", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/672500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#672500", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/672500" + }, + { + "name": "https://www.epson.com/cgi-bin/Store/support/supAdvice.jsp?type=highlights¬eoid=288045", + "refsource": "CONFIRM", + "url": "https://www.epson.com/cgi-bin/Store/support/supAdvice.jsp?type=highlights¬eoid=288045" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6365.json b/2015/6xxx/CVE-2015-6365.json index 75abb405cbe..f490361c136 100644 --- a/2015/6xxx/CVE-2015-6365.json +++ b/2015/6xxx/CVE-2015-6365.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151113 Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1" - }, - { - "name" : "1034158", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151113 Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1" + }, + { + "name": "1034158", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034158" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6415.json b/2015/6xxx/CVE-2015-6415.json index c51e1eb11bb..711a59482f2 100644 --- a/2015/6xxx/CVE-2015-6415.json +++ b/2015/6xxx/CVE-2015-6415.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151210 Cisco Unified Computing System 6200 Series Fabric Interconnect Series Switch DoS Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs" - }, - { - "name" : "1034381", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034381", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034381" + }, + { + "name": "20151210 Cisco Unified Computing System 6200 Series Fabric Interconnect Series Switch DoS Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6928.json b/2015/6xxx/CVE-2015-6928.json index 0a835d907c8..782d40c72e9 100644 --- a/2015/6xxx/CVE-2015-6928.json +++ b/2015/6xxx/CVE-2015-6928.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150910 CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/40" - }, - { - "name" : "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" - }, - { - "name" : "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/", - "refsource" : "CONFIRM", - "url" : "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" - }, - { - "name" : "1034015", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/", + "refsource": "CONFIRM", + "url": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" + }, + { + "name": "20150910 CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/40" + }, + { + "name": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" + }, + { + "name": "1034015", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034015" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7294.json b/2015/7xxx/CVE-2015-7294.json index 766f43e50cb..f1a314c142d 100644 --- a/2015/7xxx/CVE-2015-7294.json +++ b/2015/7xxx/CVE-2015-7294.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150918 Re: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/18/8" - }, - { - "name" : "[oss-security] 20150921 Re: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/2" - }, - { - "name" : "https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4", - "refsource" : "CONFIRM", - "url" : "https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4" - }, - { - "name" : "https://github.com/vesse/node-ldapauth-fork/issues/21", - "refsource" : "CONFIRM", - "url" : "https://github.com/vesse/node-ldapauth-fork/issues/21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150921 Re: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/2" + }, + { + "name": "[oss-security] 20150918 Re: CVE request - ldapauth-fork versions < 2.3.3 are vulnerable to ldap injection.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/18/8" + }, + { + "name": "https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4", + "refsource": "CONFIRM", + "url": "https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4" + }, + { + "name": "https://github.com/vesse/node-ldapauth-fork/issues/21", + "refsource": "CONFIRM", + "url": "https://github.com/vesse/node-ldapauth-fork/issues/21" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7372.json b/2015/7xxx/CVE-2015-7372.json index cf08f65becc..7d315b2ff2e 100644 --- a/2015/7xxx/CVE-2015-7372.json +++ b/2015/7xxx/CVE-2015-7372.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536633/100/0/threaded" - }, - { - "name" : "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Oct/32" - }, - { - "name" : "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html" - }, - { - "name" : "http://www.revive-adserver.com/security/revive-sa-2015-001", - "refsource" : "CONFIRM", - "url" : "http://www.revive-adserver.com/security/revive-sa-2015-001" - }, - { - "name" : "https://github.com/revive-adserver/revive-adserver/commit/86b623f8", - "refsource" : "CONFIRM", - "url" : "https://github.com/revive-adserver/revive-adserver/commit/86b623f8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.revive-adserver.com/security/revive-sa-2015-001", + "refsource": "CONFIRM", + "url": "http://www.revive-adserver.com/security/revive-sa-2015-001" + }, + { + "name": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8", + "refsource": "CONFIRM", + "url": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8" + }, + { + "name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded" + }, + { + "name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Oct/32" + }, + { + "name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7460.json b/2015/7xxx/CVE-2015-7460.json index 10204a53539..9d89fd7f568 100644 --- a/2015/7xxx/CVE-2015-7460.json +++ b/2015/7xxx/CVE-2015-7460.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-7460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21980518" - }, - { - "name" : "ibm-connections-cve20157460-xss(108356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518" + }, + { + "name": "ibm-connections-cve20157460-xss(108356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7695.json b/2015/7xxx/CVE-2015-7695.json index 281c03d165d..d4be3f1b888 100644 --- a/2015/7xxx/CVE-2015-7695.json +++ b/2015/7xxx/CVE-2015-7695.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160930 CVE Request: zendframework SQL injections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/30/6" - }, - { - "name" : "[oss-security] 20160930 Re: CVE Request: zendframework SQL injections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/30/8" - }, - { - "name" : "[oss-security] 20161011 Re: CVE Request: zendframework SQL injections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/11/3" - }, - { - "name" : "http://framework.zend.com/security/advisory/ZF2015-08", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2015-08" - }, - { - "name" : "DSA-3369", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3369" - }, - { - "name" : "76784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160930 Re: CVE Request: zendframework SQL injections", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/30/8" + }, + { + "name": "DSA-3369", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3369" + }, + { + "name": "[oss-security] 20161011 Re: CVE Request: zendframework SQL injections", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/11/3" + }, + { + "name": "[oss-security] 20160930 CVE Request: zendframework SQL injections", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/30/6" + }, + { + "name": "76784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76784" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2015-08", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2015-08" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0035.json b/2016/0xxx/CVE-2016-0035.json index 611b555124c..fde6e89c900 100644 --- a/2016/0xxx/CVE-2016-0035.json +++ b/2016/0xxx/CVE-2016-0035.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-639", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-639" - }, - { - "name" : "MS16-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004" - }, - { - "name" : "1034651", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004" + }, + { + "name": "1034651", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034651" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-639", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-639" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0200.json b/2016/0xxx/CVE-2016-0200.json index 5802bc53134..3d01bcea06c 100644 --- a/2016/0xxx/CVE-2016-0200.json +++ b/2016/0xxx/CVE-2016-0200.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0199 and CVE-2016-3211." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-365", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-365" - }, - { - "name" : "MS16-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" - }, - { - "name" : "1036096", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0199 and CVE-2016-3211." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-365", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-365" + }, + { + "name": "1036096", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036096" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0297.json b/2016/0xxx/CVE-2016-0297.json index e5baa9ccbc4..977f4f5159c 100644 --- a/2016/0xxx/CVE-2016-0297.json +++ b/2016/0xxx/CVE-2016-0297.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21993214", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21993214" - }, - { - "name" : "94188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94188" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21993214", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21993214" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0584.json b/2016/0xxx/CVE-2016-0584.json index ca21a234496..c58b10fe2e8 100644 --- a/2016/0xxx/CVE-2016-0584.json +++ b/2016/0xxx/CVE-2016-0584.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0582, and CVE-2016-0583." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "1034726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0582, and CVE-2016-0583." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "1034726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034726" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000170.json b/2016/1000xxx/CVE-2016-1000170.json index fb9f92a354f..1e3d26997ac 100644 --- a/2016/1000xxx/CVE-2016-1000170.json +++ b/2016/1000xxx/CVE-2016-1000170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000170", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10123.json b/2016/10xxx/CVE-2016-10123.json index fb29df9df01..a0a9cdd7831 100644 --- a/2016/10xxx/CVE-2016-10123.json +++ b/2016/10xxx/CVE-2016-10123.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170105 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/05/4" - }, - { - "name" : "[oss-security] 20170106 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/06/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170105 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/05/4" + }, + { + "name": "[oss-security] 20170106 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10289.json b/2016/10xxx/CVE-2016-10289.json index 3f10c9241b6..607b4b281ab 100644 --- a/2016/10xxx/CVE-2016-10289.json +++ b/2016/10xxx/CVE-2016-10289.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-10289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-10289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1877.json b/2016/1xxx/CVE-2016-1877.json index 4997db58250..915367aee42 100644 --- a/2016/1xxx/CVE-2016-1877.json +++ b/2016/1xxx/CVE-2016-1877.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1877", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1877", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4264.json b/2016/4xxx/CVE-2016-4264.json index a85073e83bd..aae15b44f29 100644 --- a/2016/4xxx/CVE-2016-4264.json +++ b/2016/4xxx/CVE-2016-4264.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160907 CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/539374/100/0/threaded" - }, - { - "name" : "40346", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40346/" - }, - { - "name" : "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt", - "refsource" : "MISC", - "url" : "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt" - }, - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html" - }, - { - "name" : "92684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92684" - }, - { - "name" : "1036708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40346", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40346/" + }, + { + "name": "1036708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036708" + }, + { + "name": "20160907 CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/539374/100/0/threaded" + }, + { + "name": "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt", + "refsource": "MISC", + "url": "http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt" + }, + { + "name": "92684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92684" + }, + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4495.json b/2016/4xxx/CVE-2016-4495.json index 2ac7d1c619c..3640b9eec23 100644 --- a/2016/4xxx/CVE-2016-4495.json +++ b/2016/4xxx/CVE-2016-4495.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4560.json b/2016/4xxx/CVE-2016-4560.json index 2a6bbcc9848..b5ab111b331 100644 --- a/2016/4xxx/CVE-2016-4560.json +++ b/2016/4xxx/CVE-2016-4560.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues", - "refsource" : "CONFIRM", - "url" : "https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984949", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984949" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985483", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985483" - }, - { - "name" : "90979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90979" - }, - { - "name" : "1036478", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "90979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90979" + }, + { + "name": "https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues", + "refsource": "CONFIRM", + "url": "https://flexeracommunity.force.com/customer/articles/INFO/Best-Practices-to-Avoid-Windows-Setup-Launcher-Executable-Issues" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985483", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985483" + }, + { + "name": "1036478", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036478" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21984949", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984949" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4795.json b/2016/4xxx/CVE-2016-4795.json index 7bf2f3af38c..bbc4969b33b 100644 --- a/2016/4xxx/CVE-2016-4795.json +++ b/2016/4xxx/CVE-2016-4795.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4795", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4795", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4919.json b/2016/4xxx/CVE-2016-4919.json index 5760a069d63..1c342107c4a 100644 --- a/2016/4xxx/CVE-2016-4919.json +++ b/2016/4xxx/CVE-2016-4919.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9177.json b/2016/9xxx/CVE-2016-9177.json index 4d07f5c627e..6248fb69b54 100644 --- a/2016/9xxx/CVE-2016-9177.json +++ b/2016/9xxx/CVE-2016-9177.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2016/Nov/13", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2016/Nov/13" - }, - { - "name" : "https://github.com/perwendel/spark/issues/700", - "refsource" : "CONFIRM", - "url" : "https://github.com/perwendel/spark/issues/700" - }, - { - "name" : "RHSA-2017:0868", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0868" - }, - { - "name" : "94218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0868", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0868" + }, + { + "name": "94218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94218" + }, + { + "name": "https://github.com/perwendel/spark/issues/700", + "refsource": "CONFIRM", + "url": "https://github.com/perwendel/spark/issues/700" + }, + { + "name": "http://seclists.org/fulldisclosure/2016/Nov/13", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2016/Nov/13" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9592.json b/2016/9xxx/CVE-2016-9592.json index a872904c547..a4a9f3c7668 100644 --- a/2016/9xxx/CVE-2016-9592.json +++ b/2016/9xxx/CVE-2016-9592.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2016-9592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openshift", - "version" : { - "version_data" : [ - { - "version_value" : "openshift 3.3.1.11" - }, - { - "version_value" : " openshift 3.2.1.23" - }, - { - "version_value" : " openshift 3.4" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-460" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-9592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openshift", + "version": { + "version_data": [ + { + "version_value": "openshift 3.3.1.11" + }, + { + "version_value": " openshift 3.2.1.23" + }, + { + "version_value": " openshift 3.4" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592" - }, - { - "name" : "94991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-460" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592" + }, + { + "name": "94991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94991" + } + ] + } +} \ No newline at end of file diff --git a/2019/1003xxx/CVE-2019-1003008.json b/2019/1003xxx/CVE-2019-1003008.json index d6b5dace893..1e74a4f9e32 100644 --- a/2019/1003xxx/CVE-2019-1003008.json +++ b/2019/1003xxx/CVE-2019-1003008.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2019-02-06T02:59:03.173949", - "ID" : "CVE-2019-1003008", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Warnings Next Generation Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "DATE_ASSIGNED": "2019-02-06T02:59:03.173949", + "ID": "CVE-2019-1003008", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jenkins Warnings Next Generation Plugin", + "version": { + "version_data": [ + { + "version_value": "2.1.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20(2)", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20(2)" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20(2)", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20(2)" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2289.json b/2019/2xxx/CVE-2019-2289.json index 5b38492bb1f..feeb3cb3bcb 100644 --- a/2019/2xxx/CVE-2019-2289.json +++ b/2019/2xxx/CVE-2019-2289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2289", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2289", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3446.json b/2019/3xxx/CVE-2019-3446.json index b6f780c821a..3d713ea7b4e 100644 --- a/2019/3xxx/CVE-2019-3446.json +++ b/2019/3xxx/CVE-2019-3446.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3491.json b/2019/3xxx/CVE-2019-3491.json index 95b369ee48c..62fbbad1442 100644 --- a/2019/3xxx/CVE-2019-3491.json +++ b/2019/3xxx/CVE-2019-3491.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3491", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3491", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3698.json b/2019/3xxx/CVE-2019-3698.json index af28b9be38e..60bead2cd5a 100644 --- a/2019/3xxx/CVE-2019-3698.json +++ b/2019/3xxx/CVE-2019-3698.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3698", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3698", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3858.json b/2019/3xxx/CVE-2019-3858.json index 2cf7531661a..f520f3b3e91 100644 --- a/2019/3xxx/CVE-2019-3858.json +++ b/2019/3xxx/CVE-2019-3858.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3858", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3858", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4903.json b/2019/4xxx/CVE-2019-4903.json index bdc37a65d38..e8410df5b69 100644 --- a/2019/4xxx/CVE-2019-4903.json +++ b/2019/4xxx/CVE-2019-4903.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4903", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6099.json b/2019/6xxx/CVE-2019-6099.json index 9c10a43edfb..77a8aa2b9e8 100644 --- a/2019/6xxx/CVE-2019-6099.json +++ b/2019/6xxx/CVE-2019-6099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6099", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6099", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6456.json b/2019/6xxx/CVE-2019-6456.json index aa0ec3c4816..05ca5072a20 100644 --- a/2019/6xxx/CVE-2019-6456.json +++ b/2019/6xxx/CVE-2019-6456.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/recutils", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/recutils" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/recutils", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/recutils" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6635.json b/2019/6xxx/CVE-2019-6635.json index 4364cefb40a..bf696023db4 100644 --- a/2019/6xxx/CVE-2019-6635.json +++ b/2019/6xxx/CVE-2019-6635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6935.json b/2019/6xxx/CVE-2019-6935.json index 220804e440f..b7a3cd0d0d2 100644 --- a/2019/6xxx/CVE-2019-6935.json +++ b/2019/6xxx/CVE-2019-6935.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6935", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6935", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7097.json b/2019/7xxx/CVE-2019-7097.json index a979b266641..6b350081142 100644 --- a/2019/7xxx/CVE-2019-7097.json +++ b/2019/7xxx/CVE-2019-7097.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7097", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7097", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7290.json b/2019/7xxx/CVE-2019-7290.json index 492587cbaf1..f7e360b916a 100644 --- a/2019/7xxx/CVE-2019-7290.json +++ b/2019/7xxx/CVE-2019-7290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7525.json b/2019/7xxx/CVE-2019-7525.json index 0e1f0a6b09a..97cfb2722fa 100644 --- a/2019/7xxx/CVE-2019-7525.json +++ b/2019/7xxx/CVE-2019-7525.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7525", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7525", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7742.json b/2019/7xxx/CVE-2019-7742.json index ea3ae5f01f0..e11da7265d4 100644 --- a/2019/7xxx/CVE-2019-7742.json +++ b/2019/7xxx/CVE-2019-7742.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors", - "refsource" : "MISC", - "url" : "https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors", + "refsource": "MISC", + "url": "https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8077.json b/2019/8xxx/CVE-2019-8077.json index 14dab26ad3e..e9241ba37d9 100644 --- a/2019/8xxx/CVE-2019-8077.json +++ b/2019/8xxx/CVE-2019-8077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8297.json b/2019/8xxx/CVE-2019-8297.json index cd2ea765361..79bf36d67a2 100644 --- a/2019/8xxx/CVE-2019-8297.json +++ b/2019/8xxx/CVE-2019-8297.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8529.json b/2019/8xxx/CVE-2019-8529.json index 06dd996485a..ffbfe4c7a5c 100644 --- a/2019/8xxx/CVE-2019-8529.json +++ b/2019/8xxx/CVE-2019-8529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8566.json b/2019/8xxx/CVE-2019-8566.json index f48346078df..0cbde796847 100644 --- a/2019/8xxx/CVE-2019-8566.json +++ b/2019/8xxx/CVE-2019-8566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9138.json b/2019/9xxx/CVE-2019-9138.json index 8b8179d9bb0..e5dae563015 100644 --- a/2019/9xxx/CVE-2019-9138.json +++ b/2019/9xxx/CVE-2019-9138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9550.json b/2019/9xxx/CVE-2019-9550.json index 34202e368b9..9353cffc228 100644 --- a/2019/9xxx/CVE-2019-9550.json +++ b/2019/9xxx/CVE-2019-9550.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ShaoGongBra/dhcms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/ShaoGongBra/dhcms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ShaoGongBra/dhcms/issues/1", + "refsource": "MISC", + "url": "https://github.com/ShaoGongBra/dhcms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9667.json b/2019/9xxx/CVE-2019-9667.json index 5d02aee118f..dcd7edaaa47 100644 --- a/2019/9xxx/CVE-2019-9667.json +++ b/2019/9xxx/CVE-2019-9667.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9667", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9667", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9678.json b/2019/9xxx/CVE-2019-9678.json index b607b9bebb3..22157ca7739 100644 --- a/2019/9xxx/CVE-2019-9678.json +++ b/2019/9xxx/CVE-2019-9678.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file