From 7ee4d0117a9e942a378dab31463652a431799ed5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:52:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0053.json | 170 ++++++++--------- 2007/0xxx/CVE-2007-0072.json | 180 +++++++++--------- 2007/0xxx/CVE-2007-0237.json | 210 ++++++++++----------- 2007/0xxx/CVE-2007-0812.json | 170 ++++++++--------- 2007/0xxx/CVE-2007-0864.json | 170 ++++++++--------- 2007/1xxx/CVE-2007-1070.json | 280 ++++++++++++++-------------- 2007/1xxx/CVE-2007-1157.json | 150 +++++++-------- 2007/1xxx/CVE-2007-1370.json | 180 +++++++++--------- 2007/1xxx/CVE-2007-1828.json | 180 +++++++++--------- 2007/1xxx/CVE-2007-1955.json | 140 +++++++------- 2007/5xxx/CVE-2007-5316.json | 170 ++++++++--------- 2007/5xxx/CVE-2007-5468.json | 180 +++++++++--------- 2007/5xxx/CVE-2007-5587.json | 290 ++++++++++++++--------------- 2007/5xxx/CVE-2007-5730.json | 270 +++++++++++++-------------- 2007/5xxx/CVE-2007-5772.json | 140 +++++++------- 2015/3xxx/CVE-2015-3825.json | 34 ++-- 2015/3xxx/CVE-2015-3962.json | 130 ++++++------- 2015/3xxx/CVE-2015-3979.json | 140 +++++++------- 2015/6xxx/CVE-2015-6435.json | 130 ++++++------- 2015/6xxx/CVE-2015-6833.json | 160 ++++++++-------- 2015/6xxx/CVE-2015-6967.json | 150 +++++++-------- 2015/7xxx/CVE-2015-7293.json | 150 +++++++-------- 2015/7xxx/CVE-2015-7633.json | 210 ++++++++++----------- 2015/8xxx/CVE-2015-8078.json | 180 +++++++++--------- 2015/8xxx/CVE-2015-8770.json | 230 +++++++++++------------ 2016/0xxx/CVE-2016-0042.json | 130 ++++++------- 2016/0xxx/CVE-2016-0260.json | 120 ++++++------ 2016/0xxx/CVE-2016-0611.json | 180 +++++++++--------- 2016/0xxx/CVE-2016-0771.json | 190 +++++++++---------- 2016/1000xxx/CVE-2016-1000015.json | 34 ++-- 2016/1xxx/CVE-2016-1150.json | 170 ++++++++--------- 2016/1xxx/CVE-2016-1212.json | 140 +++++++------- 2016/1xxx/CVE-2016-1237.json | 220 +++++++++++----------- 2016/1xxx/CVE-2016-1444.json | 140 +++++++------- 2016/1xxx/CVE-2016-1538.json | 34 ++-- 2016/1xxx/CVE-2016-1565.json | 130 ++++++------- 2016/5xxx/CVE-2016-5110.json | 34 ++-- 2016/5xxx/CVE-2016-5381.json | 34 ++-- 2016/5xxx/CVE-2016-5462.json | 150 +++++++-------- 2016/5xxx/CVE-2016-5711.json | 120 ++++++------ 2016/5xxx/CVE-2016-5775.json | 34 ++-- 2019/0xxx/CVE-2019-0218.json | 34 ++-- 2019/0xxx/CVE-2019-0313.json | 34 ++-- 2019/0xxx/CVE-2019-0492.json | 34 ++-- 2019/0xxx/CVE-2019-0508.json | 34 ++-- 2019/0xxx/CVE-2019-0785.json | 34 ++-- 2019/1xxx/CVE-2019-1037.json | 34 ++-- 2019/1xxx/CVE-2019-1054.json | 34 ++-- 2019/1xxx/CVE-2019-1656.json | 178 +++++++++--------- 2019/1xxx/CVE-2019-1896.json | 34 ++-- 2019/3xxx/CVE-2019-3532.json | 34 ++-- 2019/4xxx/CVE-2019-4440.json | 34 ++-- 2019/4xxx/CVE-2019-4578.json | 34 ++-- 2019/4xxx/CVE-2019-4593.json | 34 ++-- 2019/4xxx/CVE-2019-4690.json | 34 ++-- 2019/5xxx/CVE-2019-5505.json | 34 ++-- 2019/5xxx/CVE-2019-5559.json | 34 ++-- 2019/8xxx/CVE-2019-8332.json | 34 ++-- 2019/8xxx/CVE-2019-8415.json | 34 ++-- 2019/8xxx/CVE-2019-8626.json | 34 ++-- 2019/8xxx/CVE-2019-8753.json | 34 ++-- 2019/8xxx/CVE-2019-8868.json | 34 ++-- 2019/9xxx/CVE-2019-9090.json | 34 ++-- 2019/9xxx/CVE-2019-9201.json | 120 ++++++------ 2019/9xxx/CVE-2019-9327.json | 34 ++-- 65 files changed, 3650 insertions(+), 3650 deletions(-) diff --git a/2007/0xxx/CVE-2007-0053.json b/2007/0xxx/CVE-2007-0053.json index eadf4d78e0c..47fcda74c2b 100644 --- a/2007/0xxx/CVE-2007-0053.json +++ b/2007/0xxx/CVE-2007-0053.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3062", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3062" - }, - { - "name" : "21833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21833" - }, - { - "name" : "ADV-2007-0016", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0016" - }, - { - "name" : "32539", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32539" - }, - { - "name" : "23572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23572" - }, - { - "name" : "autodealer-detail-sql-injection(31219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32539", + "refsource": "OSVDB", + "url": "http://osvdb.org/32539" + }, + { + "name": "21833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21833" + }, + { + "name": "23572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23572" + }, + { + "name": "3062", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3062" + }, + { + "name": "autodealer-detail-sql-injection(31219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31219" + }, + { + "name": "ADV-2007-0016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0016" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0072.json b/2007/0xxx/CVE-2007-0072.json index 9e7135670fc..6a0418de69e 100644 --- a/2007/0xxx/CVE-2007-0072.json +++ b/2007/0xxx/CVE-2007-0072.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/309.html" - }, - { - "name" : "http://blogs.iss.net/archive/trend.html", - "refsource" : "MISC", - "url" : "http://blogs.iss.net/archive/trend.html" - }, - { - "name" : "VU#768681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768681" - }, - { - "name" : "32261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32261" - }, - { - "name" : "ADV-2008-3127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3127" - }, - { - "name" : "32618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32618" - }, - { - "name" : "application-rpc-read-bo(38760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32618" + }, + { + "name": "32261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32261" + }, + { + "name": "application-rpc-read-bo(38760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38760" + }, + { + "name": "VU#768681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768681" + }, + { + "name": "http://blogs.iss.net/archive/trend.html", + "refsource": "MISC", + "url": "http://blogs.iss.net/archive/trend.html" + }, + { + "name": "ADV-2008-3127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3127" + }, + { + "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", + "refsource": "ISS", + "url": "http://www.iss.net/threats/309.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0237.json b/2007/0xxx/CVE-2007-0237.json index 51a10619cda..87abfe2f97f 100644 --- a/2007/0xxx/CVE-2007-0237.json +++ b/2007/0xxx/CVE-2007-0237.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=197306", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=197306" - }, - { - "name" : "DSA-1269", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1269" - }, - { - "name" : "GLSA-200712-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-07.xml" - }, - { - "name" : "23026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23026" - }, - { - "name" : "34263", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34263" - }, - { - "name" : "1017792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017792" - }, - { - "name" : "24377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24377" - }, - { - "name" : "24590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24590" - }, - { - "name" : "28023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28023" - }, - { - "name" : "lookup-ndebbinary-symlink(33052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200712-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-07.xml" + }, + { + "name": "28023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28023" + }, + { + "name": "1017792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017792" + }, + { + "name": "DSA-1269", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1269" + }, + { + "name": "34263", + "refsource": "OSVDB", + "url": "http://osvdb.org/34263" + }, + { + "name": "24590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24590" + }, + { + "name": "24377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24377" + }, + { + "name": "23026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23026" + }, + { + "name": "lookup-ndebbinary-symlink(33052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33052" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=197306", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=197306" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0812.json b/2007/0xxx/CVE-2007-0812.json index 3dee0c843bd..14c32bd378b 100644 --- a/2007/0xxx/CVE-2007-0812.json +++ b/2007/0xxx/CVE-2007-0812.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3262", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3262" - }, - { - "name" : "22415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22415" - }, - { - "name" : "ADV-2007-0491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0491" - }, - { - "name" : "32034", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32034" - }, - { - "name" : "24027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24027" - }, - { - "name" : "wbblite-pms-sql-injection(32172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24027" + }, + { + "name": "wbblite-pms-sql-injection(32172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32172" + }, + { + "name": "22415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22415" + }, + { + "name": "ADV-2007-0491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0491" + }, + { + "name": "3262", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3262" + }, + { + "name": "32034", + "refsource": "OSVDB", + "url": "http://osvdb.org/32034" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0864.json b/2007/0xxx/CVE-2007-0864.json index 4ae65963592..411631fb58c 100644 --- a/2007/0xxx/CVE-2007-0864.json +++ b/2007/0xxx/CVE-2007-0864.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3288", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3288" - }, - { - "name" : "22470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22470" - }, - { - "name" : "ADV-2007-0538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0538" - }, - { - "name" : "33167", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33167" - }, - { - "name" : "24079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24079" - }, - { - "name" : "lushiwarplaner-register-sql-injection(32365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lushiwarplaner-register-sql-injection(32365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32365" + }, + { + "name": "22470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22470" + }, + { + "name": "ADV-2007-0538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0538" + }, + { + "name": "33167", + "refsource": "OSVDB", + "url": "http://osvdb.org/33167" + }, + { + "name": "24079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24079" + }, + { + "name": "3288", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3288" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1070.json b/2007/1xxx/CVE-2007-1070.json index e021cfd4684..0ae504967dd 100644 --- a/2007/1xxx/CVE-2007-1070.json +++ b/2007/1xxx/CVE-2007-1070.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070220 TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460686/100/0/threaded" - }, - { - "name" : "20070220 TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460690/100/0/threaded" - }, - { - "name" : "http://www.tippingpoint.com/security/advisories/TSRT-07-01.html", - "refsource" : "MISC", - "url" : "http://www.tippingpoint.com/security/advisories/TSRT-07-01.html" - }, - { - "name" : "http://www.tippingpoint.com/security/advisories/TSRT-07-02.html", - "refsource" : "MISC", - "url" : "http://www.tippingpoint.com/security/advisories/TSRT-07-02.html" - }, - { - "name" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt" - }, - { - "name" : "VU#349393", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/349393" - }, - { - "name" : "VU#466609", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/466609" - }, - { - "name" : "VU#630025", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/630025" - }, - { - "name" : "VU#730433", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/730433" - }, - { - "name" : "22639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22639" - }, - { - "name" : "ADV-2007-0670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0670" - }, - { - "name" : "33042", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33042" - }, - { - "name" : "1017676", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017676" - }, - { - "name" : "24243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24243" - }, - { - "name" : "serverprotect-eng50-bo(32594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32594" - }, - { - "name" : "serverprotect-stcommon-bo(32601)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tippingpoint.com/security/advisories/TSRT-07-01.html", + "refsource": "MISC", + "url": "http://www.tippingpoint.com/security/advisories/TSRT-07-01.html" + }, + { + "name": "VU#466609", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/466609" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt" + }, + { + "name": "24243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24243" + }, + { + "name": "33042", + "refsource": "OSVDB", + "url": "http://osvdb.org/33042" + }, + { + "name": "VU#630025", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/630025" + }, + { + "name": "20070220 TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460690/100/0/threaded" + }, + { + "name": "20070220 TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460686/100/0/threaded" + }, + { + "name": "VU#730433", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/730433" + }, + { + "name": "serverprotect-eng50-bo(32594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32594" + }, + { + "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290" + }, + { + "name": "22639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22639" + }, + { + "name": "ADV-2007-0670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0670" + }, + { + "name": "http://www.tippingpoint.com/security/advisories/TSRT-07-02.html", + "refsource": "MISC", + "url": "http://www.tippingpoint.com/security/advisories/TSRT-07-02.html" + }, + { + "name": "VU#349393", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/349393" + }, + { + "name": "serverprotect-stcommon-bo(32601)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32601" + }, + { + "name": "1017676", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017676" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1157.json b/2007/1xxx/CVE-2007-1157.json index 02245942ece..5b3864fbd50 100644 --- a/2007/1xxx/CVE-2007-1157.json +++ b/2007/1xxx/CVE-2007-1157.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070222 JBoss jmx-console CSRF", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460934/100/0/threaded" - }, - { - "name" : "20070223 Re: JBoss jmx-console CSRF", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461004/100/0/threaded" - }, - { - "name" : "33142", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33142" - }, - { - "name" : "jboss-jmxconsole-csrf(32673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33142", + "refsource": "OSVDB", + "url": "http://osvdb.org/33142" + }, + { + "name": "jboss-jmxconsole-csrf(32673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673" + }, + { + "name": "20070222 JBoss jmx-console CSRF", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded" + }, + { + "name": "20070223 Re: JBoss jmx-console CSRF", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1370.json b/2007/1xxx/CVE-2007-1370.json index bfc63a6eb29..2782be0a469 100644 --- a/2007/1xxx/CVE-2007-1370.json +++ b/2007/1xxx/CVE-2007-1370.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/MOPB/BONUS-06-2007.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/MOPB/BONUS-06-2007.html" - }, - { - "name" : "http://www.zend.com/products/zend_platform/security_vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://www.zend.com/products/zend_platform/security_vulnerabilities" - }, - { - "name" : "22801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22801" - }, - { - "name" : "ADV-2007-0829", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0829" - }, - { - "name" : "32772", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32772" - }, - { - "name" : "24501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24501" - }, - { - "name" : "zend-scd-privilege-escalation(32825)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php-security.org/MOPB/BONUS-06-2007.html", + "refsource": "MISC", + "url": "http://www.php-security.org/MOPB/BONUS-06-2007.html" + }, + { + "name": "ADV-2007-0829", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0829" + }, + { + "name": "32772", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32772" + }, + { + "name": "22801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22801" + }, + { + "name": "24501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24501" + }, + { + "name": "zend-scd-privilege-escalation(32825)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32825" + }, + { + "name": "http://www.zend.com/products/zend_platform/security_vulnerabilities", + "refsource": "CONFIRM", + "url": "http://www.zend.com/products/zend_platform/security_vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1828.json b/2007/1xxx/CVE-2007-1828.json index a680ca64d10..62625a38e4d 100644 --- a/2007/1xxx/CVE-2007-1828.json +++ b/2007/1xxx/CVE-2007-1828.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252" - }, - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254" - }, - { - "name" : "20070322 WebAPP Audit", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-March/001455.html" - }, - { - "name" : "ADV-2007-0720", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0720" - }, - { - "name" : "35214", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35214" - }, - { - "name" : "35215", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35215" - }, - { - "name" : "24227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0720", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0720" + }, + { + "name": "20070322 WebAPP Audit", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-March/001455.html" + }, + { + "name": "35214", + "refsource": "OSVDB", + "url": "http://osvdb.org/35214" + }, + { + "name": "24227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24227" + }, + { + "name": "35215", + "refsource": "OSVDB", + "url": "http://osvdb.org/35215" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1955.json b/2007/1xxx/CVE-2007-1955.json index d16f86666ac..2965cc22c7e 100644 --- a/2007/1xxx/CVE-2007-1955.json +++ b/2007/1xxx/CVE-2007-1955.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23374" - }, - { - "name" : "34322", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34322" - }, - { - "name" : "24820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34322", + "refsource": "OSVDB", + "url": "http://osvdb.org/34322" + }, + { + "name": "23374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23374" + }, + { + "name": "24820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24820" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5316.json b/2007/5xxx/CVE-2007-5316.json index f5433cf6e66..a1d42c079e4 100644 --- a/2007/5xxx/CVE-2007-5316.json +++ b/2007/5xxx/CVE-2007-5316.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4504", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4504" - }, - { - "name" : "25980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25980" - }, - { - "name" : "ADV-2007-3447", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3447" - }, - { - "name" : "37619", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37619" - }, - { - "name" : "27138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27138" - }, - { - "name" : "softbiz-browsecats-sql-injection(37027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25980" + }, + { + "name": "37619", + "refsource": "OSVDB", + "url": "http://osvdb.org/37619" + }, + { + "name": "ADV-2007-3447", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3447" + }, + { + "name": "27138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27138" + }, + { + "name": "softbiz-browsecats-sql-injection(37027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37027" + }, + { + "name": "4504", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4504" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5468.json b/2007/5xxx/CVE-2007-5468.json index df3bf8c982b..ab8ddc8a220 100644 --- a/2007/5xxx/CVE-2007-5468.json +++ b/2007/5xxx/CVE-2007-5468.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka \"toll fraud and authentication forward attack\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071012 CallManager and OpeSer toll fraud and authentication forward attack", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html" - }, - { - "name" : "20071015 CallManager and OpeSer toll fraud and authentication forward attack", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html" - }, - { - "name" : "20071015 CallManager and OpeSer toll fraud and authentication forward attack", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html" - }, - { - "name" : "26057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26057" - }, - { - "name" : "ADV-2007-3534", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3534" - }, - { - "name" : "27231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27231" - }, - { - "name" : "callmanager-openser-sip-call-hijacking(37197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka \"toll fraud and authentication forward attack\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071012 CallManager and OpeSer toll fraud and authentication forward attack", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066581.html" + }, + { + "name": "ADV-2007-3534", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3534" + }, + { + "name": "27231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27231" + }, + { + "name": "26057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26057" + }, + { + "name": "20071015 CallManager and OpeSer toll fraud and authentication forward attack", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066694.html" + }, + { + "name": "callmanager-openser-sip-call-hijacking(37197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37197" + }, + { + "name": "20071015 CallManager and OpeSer toll fraud and authentication forward attack", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066691.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5587.json b/2007/5xxx/CVE-2007-5587.json index 775a96943c8..994879bd5e0 100644 --- a/2007/5xxx/CVE-2007-5587.json +++ b/2007/5xxx/CVE-2007-5587.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071017 Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482474/100/0/threaded" - }, - { - "name" : "20071018 [CORRECTED] Microsoft Windows XP SP2/2003 - Macrovision SecDrv.sys privilege escalation (0day)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482482/100/0/threaded" - }, - { - "name" : "http://blog.48bits.com/?p=172", - "refsource" : "MISC", - "url" : "http://blog.48bits.com/?p=172" - }, - { - "name" : "http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15" - }, - { - "name" : "http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html" - }, - { - "name" : "HPSBST02299", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded" - }, - { - "name" : "SSRT071506", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded" - }, - { - "name" : "MS07-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-067" - }, - { - "name" : "944653", - "refsource" : "MSKB", - "url" : "http://www.microsoft.com/technet/security/advisory/944653.mspx" - }, - { - "name" : "TA07-345A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" - }, - { - "name" : "26121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26121" - }, - { - "name" : "ADV-2007-3537", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3537" - }, - { - "name" : "41429", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41429" - }, - { - "name" : "oval:org.mitre.oval:def:4584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4584" - }, - { - "name" : "1018833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018833" - }, - { - "name" : "27285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27285" - }, - { - "name" : "3266", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3266" - }, - { - "name" : "windows-secdrv-bo(37284)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15", + "refsource": "MISC", + "url": "http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=43&Itemid=15" + }, + { + "name": "http://blog.48bits.com/?p=172", + "refsource": "MISC", + "url": "http://blog.48bits.com/?p=172" + }, + { + "name": "27285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27285" + }, + { + "name": "944653", + "refsource": "MSKB", + "url": "http://www.microsoft.com/technet/security/advisory/944653.mspx" + }, + { + "name": "oval:org.mitre.oval:def:4584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4584" + }, + { + "name": "ADV-2007-3537", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3537" + }, + { + "name": "SSRT071506", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" + }, + { + "name": "http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html", + "refsource": "MISC", + "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/10/privilege_escalation_exploit_i.html" + }, + { + "name": "41429", + "refsource": "OSVDB", + "url": "http://osvdb.org/41429" + }, + { + "name": "HPSBST02299", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded" + }, + { + "name": "TA07-345A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html" + }, + { + "name": "20071018 [CORRECTED] Microsoft Windows XP SP2/2003 - Macrovision SecDrv.sys privilege escalation (0day)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482482/100/0/threaded" + }, + { + "name": "windows-secdrv-bo(37284)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37284" + }, + { + "name": "20071017 Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482474/100/0/threaded" + }, + { + "name": "3266", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3266" + }, + { + "name": "1018833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018833" + }, + { + "name": "26121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26121" + }, + { + "name": "MS07-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-067" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5730.json b/2007/5xxx/CVE-2007-5730.json index 7bbeb4dba95..98e6a99cb74 100644 --- a/2007/5xxx/CVE-2007-5730.json +++ b/2007/5xxx/CVE-2007-5730.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the \"net socket listen\" option, aka QEMU \"net socket\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the individual net socket listen vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://taviso.decsystem.org/virtsec.pdf", - "refsource" : "MISC", - "url" : "http://taviso.decsystem.org/virtsec.pdf" - }, - { - "name" : "DSA-1284", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1284" - }, - { - "name" : "MDKSA-2007:203", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203" - }, - { - "name" : "MDVSA-2008:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" - }, - { - "name" : "RHSA-2008:0194", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0194.html" - }, - { - "name" : "20071030 Clarification on old QEMU/NE2000/Xen issues", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-October/001842.html" - }, - { - "name" : "23731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23731" - }, - { - "name" : "oval:org.mitre.oval:def:10000", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000" - }, - { - "name" : "ADV-2007-1597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1597" - }, - { - "name" : "42985", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42985" - }, - { - "name" : "27486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27486" - }, - { - "name" : "25073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25073" - }, - { - "name" : "25095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25095" - }, - { - "name" : "29963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29963" - }, - { - "name" : "29129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29129" - }, - { - "name" : "qemu-net-socket-bo(38239)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the \"net socket listen\" option, aka QEMU \"net socket\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the individual net socket listen vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23731" + }, + { + "name": "MDKSA-2007:203", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203" + }, + { + "name": "RHSA-2008:0194", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html" + }, + { + "name": "qemu-net-socket-bo(38239)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239" + }, + { + "name": "42985", + "refsource": "OSVDB", + "url": "http://osvdb.org/42985" + }, + { + "name": "DSA-1284", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1284" + }, + { + "name": "25073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25073" + }, + { + "name": "http://taviso.decsystem.org/virtsec.pdf", + "refsource": "MISC", + "url": "http://taviso.decsystem.org/virtsec.pdf" + }, + { + "name": "27486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27486" + }, + { + "name": "MDVSA-2008:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" + }, + { + "name": "oval:org.mitre.oval:def:10000", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000" + }, + { + "name": "29963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29963" + }, + { + "name": "ADV-2007-1597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1597" + }, + { + "name": "29129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29129" + }, + { + "name": "25095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25095" + }, + { + "name": "20071030 Clarification on old QEMU/NE2000/Xen issues", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5772.json b/2007/5xxx/CVE-2007-5772.json index 842f014a5ce..4c6d4230f05 100644 --- a/2007/5xxx/CVE-2007-5772.json +++ b/2007/5xxx/CVE-2007-5772.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071025 Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482774/100/0/threaded" - }, - { - "name" : "4562", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4562" - }, - { - "name" : "43636", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4562", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4562" + }, + { + "name": "20071025 Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482774/100/0/threaded" + }, + { + "name": "43636", + "refsource": "OSVDB", + "url": "http://osvdb.org/43636" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3825.json b/2015/3xxx/CVE-2015-3825.json index 4dc3227be4a..d5c23a538cf 100644 --- a/2015/3xxx/CVE-2015-3825.json +++ b/2015/3xxx/CVE-2015-3825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3825", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3837. Reason: This candidate is a reservation duplicate of CVE-2015-3837. Notes: All CVE users should reference CVE-2015-3837 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3825", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3837. Reason: This candidate is a reservation duplicate of CVE-2015-3837. Notes: All CVE users should reference CVE-2015-3837 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3962.json b/2015/3xxx/CVE-2015-3962.json index 88fc88a66a2..ccb4372b4b6 100644 --- a/2015/3xxx/CVE-2015-3962.json +++ b/2015/3xxx/CVE-2015-3962.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-3962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01" - }, - { - "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01", - "refsource" : "CONFIRM", - "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01", + "refsource": "CONFIRM", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-254-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3979.json b/2015/3xxx/CVE-2015-3979.json index 2810e707337..30361cba9b7 100644 --- a/2015/3xxx/CVE-2015-3979.json +++ b/2015/3xxx/CVE-2015-3979.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/" - }, - { - "name" : "74626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74626" - }, - { - "name" : "1032309", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/", + "refsource": "MISC", + "url": "http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/" + }, + { + "name": "74626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74626" + }, + { + "name": "1032309", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032309" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6435.json b/2015/6xxx/CVE-2015-6435.json index ca5ea5c7e8d..67de4b8775c 100644 --- a/2015/6xxx/CVE-2015-6435.json +++ b/2015/6xxx/CVE-2015-6435.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-6435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160120 Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm" - }, - { - "name" : "1034743", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034743", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034743" + }, + { + "name": "20160120 Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6833.json b/2015/6xxx/CVE-2015-6833.json index 4dbb204d32c..1cdaef286d4 100644 --- a/2015/6xxx/CVE-2015-6833.json +++ b/2015/6xxx/CVE-2015-6833.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2015-6833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150819 CVE Request: more php unserializing issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/19/3" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=70019", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=70019" - }, - { - "name" : "DSA-3344", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3344" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3344", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3344" + }, + { + "name": "https://bugs.php.net/bug.php?id=70019", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=70019" + }, + { + "name": "[oss-security] 20150819 CVE Request: more php unserializing issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/19/3" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6967.json b/2015/6xxx/CVE-2015-6967.json index 07bc8eaa602..2fdc45cea3d 100644 --- a/2015/6xxx/CVE-2015-6967.json +++ b/2015/6xxx/CVE-2015-6967.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150902 NibbleBlog 4.0.3 - Code Execution - Not fixed", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/5" - }, - { - "name" : "http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html", - "refsource" : "MISC", - "url" : "http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html" - }, - { - "name" : "http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html" - }, - { - "name" : "http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/", - "refsource" : "CONFIRM", - "url" : "http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html", + "refsource": "MISC", + "url": "http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html" + }, + { + "name": "http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/", + "refsource": "CONFIRM", + "url": "http://blog.nibbleblog.com/post/nibbleblog-v4-0-5/" + }, + { + "name": "20150902 NibbleBlog 4.0.3 - Code Execution - Not fixed", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/5" + }, + { + "name": "http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133425/NibbleBlog-4.0.3-Shell-Upload.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7293.json b/2015/7xxx/CVE-2015-7293.json index 0e4dea37e7d..f7064a84959 100644 --- a/2015/7xxx/CVE-2015-7293.json +++ b/2015/7xxx/CVE-2015-7293.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38411", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38411/" - }, - { - "name" : "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" - }, - { - "name" : "https://plone.org/security/hotfix/20151006", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20151006" - }, - { - "name" : "https://pypi.python.org/pypi/plone4.csrffixes", - "refsource" : "CONFIRM", - "url" : "https://pypi.python.org/pypi/plone4.csrffixes" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html" + }, + { + "name": "38411", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38411/" + }, + { + "name": "https://plone.org/security/hotfix/20151006", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20151006" + }, + { + "name": "https://pypi.python.org/pypi/plone4.csrffixes", + "refsource": "CONFIRM", + "url": "https://pypi.python.org/pypi/plone4.csrffixes" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7633.json b/2015/7xxx/CVE-2015-7633.json index f00e020c8e3..9bfeb45fde1 100644 --- a/2015/7xxx/CVE-2015-7633.json +++ b/2015/7xxx/CVE-2015-7633.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7634." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-7633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html" - }, - { - "name" : "GLSA-201511-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201511-02" - }, - { - "name" : "RHSA-2015:2024", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2024.html" - }, - { - "name" : "RHSA-2015:1893", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1893.html" - }, - { - "name" : "SUSE-SU-2015:1740", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:1742", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:1744", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "77065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77065" - }, - { - "name" : "1033797", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, and CVE-2015-7634." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:2024", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html" + }, + { + "name": "openSUSE-SU-2015:1744", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html" + }, + { + "name": "77065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77065" + }, + { + "name": "SUSE-SU-2015:1742", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html" + }, + { + "name": "RHSA-2015:1893", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1893.html" + }, + { + "name": "GLSA-201511-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201511-02" + }, + { + "name": "1033797", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033797" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html" + }, + { + "name": "SUSE-SU-2015:1740", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8078.json b/2015/8xxx/CVE-2015-8078.json index aab8de05196..460eb4d5ec5 100644 --- a/2015/8xxx/CVE-2015-8078.json +++ b/2015/8xxx/CVE-2015-8078.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-8078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/04/3" - }, - { - "name" : "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2", - "refsource" : "CONFIRM", - "url" : "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2" - }, - { - "name" : "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html", - "refsource" : "CONFIRM", - "url" : "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" - }, - { - "name" : "openSUSE-SU-2015:2130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" - }, - { - "name" : "SUSE-SU-2016:1457", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" - }, - { - "name" : "SUSE-SU-2016:1459", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" - }, - { - "name" : "1034282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html", + "refsource": "CONFIRM", + "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html" + }, + { + "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3" + }, + { + "name": "openSUSE-SU-2015:2130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html" + }, + { + "name": "SUSE-SU-2016:1459", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" + }, + { + "name": "1034282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034282" + }, + { + "name": "SUSE-SU-2016:1457", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" + }, + { + "name": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2", + "refsource": "CONFIRM", + "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8770.json b/2015/8xxx/CVE-2015-8770.json index 0a815f04ff1..714b3038dfe 100644 --- a/2015/8xxx/CVE-2015-8770.json +++ b/2015/8xxx/CVE-2015-8770.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160113 Remote Code Execution in Roundcube", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537304/100/0/threaded" - }, - { - "name" : "39245", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39245/" - }, - { - "name" : "http://packetstormsecurity.com/files/135274/Roundcube-1.1.3-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/135274/Roundcube-1.1.3-Path-Traversal.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23283", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23283" - }, - { - "name" : "http://trac.roundcube.net/changeset/10e5192a2b/github", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/changeset/10e5192a2b/github" - }, - { - "name" : "http://trac.roundcube.net/ticket/1490620", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1490620" - }, - { - "name" : "https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/", - "refsource" : "CONFIRM", - "url" : "https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/" - }, - { - "name" : "DSA-3541", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3541" - }, - { - "name" : "GLSA-201603-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-03" - }, - { - "name" : "openSUSE-SU-2016:0210", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:0213", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0214", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00030.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201603-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-03" + }, + { + "name": "DSA-3541", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3541" + }, + { + "name": "http://trac.roundcube.net/changeset/10e5192a2b/github", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/changeset/10e5192a2b/github" + }, + { + "name": "20160113 Remote Code Execution in Roundcube", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537304/100/0/threaded" + }, + { + "name": "openSUSE-SU-2016:0214", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00030.html" + }, + { + "name": "https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/", + "refsource": "CONFIRM", + "url": "https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/" + }, + { + "name": "openSUSE-SU-2016:0210", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00028.html" + }, + { + "name": "http://trac.roundcube.net/ticket/1490620", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/ticket/1490620" + }, + { + "name": "http://packetstormsecurity.com/files/135274/Roundcube-1.1.3-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/135274/Roundcube-1.1.3-Path-Traversal.html" + }, + { + "name": "39245", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39245/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23283", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23283" + }, + { + "name": "openSUSE-SU-2016:0213", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00029.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0042.json b/2016/0xxx/CVE-2016-0042.json index 95328da5961..3ffe53f8e4d 100644 --- a/2016/0xxx/CVE-2016-0042.json +++ b/2016/0xxx/CVE-2016-0042.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka \"Windows DLL Loading Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014" - }, - { - "name" : "1034985", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka \"Windows DLL Loading Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034985", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034985" + }, + { + "name": "MS16-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0260.json b/2016/0xxx/CVE-2016-0260.json index 8304849a5c3..20182c94a8b 100644 --- a/2016/0xxx/CVE-2016-0260.json +++ b/2016/0xxx/CVE-2016-0260.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21984564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21984564", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984564" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0611.json b/2016/0xxx/CVE-2016-0611.json index c2fb59d11f0..a46626208bc 100644 --- a/2016/0xxx/CVE-2016-0611.json +++ b/2016/0xxx/CVE-2016-0611.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "openSUSE-SU-2016:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" - }, - { - "name" : "USN-2881-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2881-1" - }, - { - "name" : "81164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81164" - }, - { - "name" : "1034708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" + }, + { + "name": "1034708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034708" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "USN-2881-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2881-1" + }, + { + "name": "openSUSE-SU-2016:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + }, + { + "name": "81164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81164" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0771.json b/2016/0xxx/CVE-2016-0771.json index 2c234b9d713..46be5c7a5ad 100644 --- a/2016/0xxx/CVE-2016-0771.json +++ b/2016/0xxx/CVE-2016-0771.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-0771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-0771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=11128", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=11128" - }, - { - "name" : "https://bugzilla.samba.org/show_bug.cgi?id=11686", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.samba.org/show_bug.cgi?id=11686" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2016-0771.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2016-0771.html" - }, - { - "name" : "DSA-3514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3514" - }, - { - "name" : "openSUSE-SU-2016:0813", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html" - }, - { - "name" : "USN-2922-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2922-1" - }, - { - "name" : "84273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84273" - }, - { - "name" : "1035219", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0813", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2016-0771.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2016-0771.html" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=11128", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=11128" + }, + { + "name": "https://bugzilla.samba.org/show_bug.cgi?id=11686", + "refsource": "CONFIRM", + "url": "https://bugzilla.samba.org/show_bug.cgi?id=11686" + }, + { + "name": "84273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84273" + }, + { + "name": "USN-2922-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2922-1" + }, + { + "name": "DSA-3514", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3514" + }, + { + "name": "1035219", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035219" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000015.json b/2016/1000xxx/CVE-2016-1000015.json index be3a0559290..79f2ba22fcf 100644 --- a/2016/1000xxx/CVE-2016-1000015.json +++ b/2016/1000xxx/CVE-2016-1000015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1150.json b/2016/1xxx/CVE-2016-1150.json index b0f5b0b5ceb..77afc69d465 100644 --- a/2016/1xxx/CVE-2016-1150.json +++ b/2016/1xxx/CVE-2016-1150.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cs.cybozu.co.jp/2015/006072.html", - "refsource" : "CONFIRM", - "url" : "https://cs.cybozu.co.jp/2015/006072.html" - }, - { - "name" : "https://cs.cybozu.co.jp/2015/006087.html", - "refsource" : "CONFIRM", - "url" : "https://cs.cybozu.co.jp/2015/006087.html" - }, - { - "name" : "https://cs.cybozu.co.jp/2016/006107.html", - "refsource" : "CONFIRM", - "url" : "https://cs.cybozu.co.jp/2016/006107.html" - }, - { - "name" : "https://cs.cybozu.co.jp/2016/006109.html", - "refsource" : "CONFIRM", - "url" : "https://cs.cybozu.co.jp/2016/006109.html" - }, - { - "name" : "JVN#69278491", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN69278491/index.html" - }, - { - "name" : "JVNDB-2016-000026", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000026", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026" + }, + { + "name": "https://cs.cybozu.co.jp/2015/006072.html", + "refsource": "CONFIRM", + "url": "https://cs.cybozu.co.jp/2015/006072.html" + }, + { + "name": "https://cs.cybozu.co.jp/2015/006087.html", + "refsource": "CONFIRM", + "url": "https://cs.cybozu.co.jp/2015/006087.html" + }, + { + "name": "https://cs.cybozu.co.jp/2016/006107.html", + "refsource": "CONFIRM", + "url": "https://cs.cybozu.co.jp/2016/006107.html" + }, + { + "name": "JVN#69278491", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN69278491/index.html" + }, + { + "name": "https://cs.cybozu.co.jp/2016/006109.html", + "refsource": "CONFIRM", + "url": "https://cs.cybozu.co.jp/2016/006109.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1212.json b/2016/1xxx/CVE-2016-1212.json index b8c055b8c95..a1df043c365 100644 --- a/2016/1xxx/CVE-2016-1212.json +++ b/2016/1xxx/CVE-2016-1212.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2016-1212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.futomi.com/library/info/2016/201605.html", - "refsource" : "CONFIRM", - "url" : "http://www.futomi.com/library/info/2016/201605.html" - }, - { - "name" : "JVN#42545812", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN42545812/index.html" - }, - { - "name" : "JVNDB-2016-000069", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2016-000069", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000069" + }, + { + "name": "JVN#42545812", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN42545812/index.html" + }, + { + "name": "http://www.futomi.com/library/info/2016/201605.html", + "refsource": "CONFIRM", + "url": "http://www.futomi.com/library/info/2016/201605.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1237.json b/2016/1xxx/CVE-2016-1237.json index dfd91f62575..3dad0960b95 100644 --- a/2016/1xxx/CVE-2016-1237.json +++ b/2016/1xxx/CVE-2016-1237.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-1237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/06/25/2" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1350845", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1350845" - }, - { - "name" : "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "USN-3070-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3070-2" - }, - { - "name" : "USN-3070-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3070-3" - }, - { - "name" : "USN-3070-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3070-4" - }, - { - "name" : "USN-3053-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3053-1" - }, - { - "name" : "USN-3070-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3070-1" - }, - { - "name" : "91456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3070-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3070-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845" + }, + { + "name": "USN-3053-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3053-1" + }, + { + "name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2" + }, + { + "name": "USN-3070-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3070-3" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "USN-3070-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3070-2" + }, + { + "name": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4" + }, + { + "name": "91456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91456" + }, + { + "name": "USN-3070-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3070-4" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1444.json b/2016/1xxx/CVE-2016-1444.json index 262d2de9cb4..23d49b9811b 100644 --- a/2016/1xxx/CVE-2016-1444.json +++ b/2016/1xxx/CVE-2016-1444.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-1444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs" - }, - { - "name" : "91669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91669" - }, - { - "name" : "1036237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160706 Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs" + }, + { + "name": "91669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91669" + }, + { + "name": "1036237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036237" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1538.json b/2016/1xxx/CVE-2016-1538.json index 2d7765debd5..fa6fd529d8a 100644 --- a/2016/1xxx/CVE-2016-1538.json +++ b/2016/1xxx/CVE-2016-1538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1538", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1538", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1565.json b/2016/1xxx/CVE-2016-1565.json index 1b4eb8c6524..ce280adeb47 100644 --- a/2016/1xxx/CVE-2016-1565.json +++ b/2016/1xxx/CVE-2016-1565.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2645350", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2645350" - }, - { - "name" : "https://www.drupal.org/node/2644832", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2644832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2644832", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2644832" + }, + { + "name": "https://www.drupal.org/node/2645350", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2645350" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5110.json b/2016/5xxx/CVE-2016-5110.json index 4ab999a040c..ee099cf988c 100644 --- a/2016/5xxx/CVE-2016-5110.json +++ b/2016/5xxx/CVE-2016-5110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5381.json b/2016/5xxx/CVE-2016-5381.json index e58f58450f9..b0cb9eb252b 100644 --- a/2016/5xxx/CVE-2016-5381.json +++ b/2016/5xxx/CVE-2016-5381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5462.json b/2016/5xxx/CVE-2016-5462.json index 8e4a7ea4dda..7aea5c45761 100644 --- a/2016/5xxx/CVE-2016-5462.json +++ b/2016/5xxx/CVE-2016-5462.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" - }, - { - "name" : "91787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91787" - }, - { - "name" : "91968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91968" - }, - { - "name" : "1036400", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036400", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036400" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" + }, + { + "name": "91787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91787" + }, + { + "name": "91968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91968" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5711.json b/2016/5xxx/CVE-2016-5711.json index da7565020b3..b235b245bbf 100644 --- a/2016/5xxx/CVE-2016-5711.json +++ b/2016/5xxx/CVE-2016-5711.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/NTAP-20161108-0001", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/NTAP-20161108-0001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/NTAP-20161108-0001", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/NTAP-20161108-0001" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5775.json b/2016/5xxx/CVE-2016-5775.json index c4d9ee09a6e..a4d8316501f 100644 --- a/2016/5xxx/CVE-2016-5775.json +++ b/2016/5xxx/CVE-2016-5775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5775", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5775", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0218.json b/2019/0xxx/CVE-2019-0218.json index 09994838b99..29b96c224b9 100644 --- a/2019/0xxx/CVE-2019-0218.json +++ b/2019/0xxx/CVE-2019-0218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0313.json b/2019/0xxx/CVE-2019-0313.json index 4399b55f036..e6f6a3faebe 100644 --- a/2019/0xxx/CVE-2019-0313.json +++ b/2019/0xxx/CVE-2019-0313.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0313", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0313", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0492.json b/2019/0xxx/CVE-2019-0492.json index 9e01f09064b..201dfbd7a40 100644 --- a/2019/0xxx/CVE-2019-0492.json +++ b/2019/0xxx/CVE-2019-0492.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0492", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0492", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0508.json b/2019/0xxx/CVE-2019-0508.json index 09c39e9df12..77c7b0d0115 100644 --- a/2019/0xxx/CVE-2019-0508.json +++ b/2019/0xxx/CVE-2019-0508.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0508", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0508", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0785.json b/2019/0xxx/CVE-2019-0785.json index 235de3dc406..ef84cad3ae0 100644 --- a/2019/0xxx/CVE-2019-0785.json +++ b/2019/0xxx/CVE-2019-0785.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0785", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0785", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1037.json b/2019/1xxx/CVE-2019-1037.json index afb37187936..d693c75d300 100644 --- a/2019/1xxx/CVE-2019-1037.json +++ b/2019/1xxx/CVE-2019-1037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1037", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1037", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1054.json b/2019/1xxx/CVE-2019-1054.json index 4d8d4b19cff..d9e22dc4e85 100644 --- a/2019/1xxx/CVE-2019-1054.json +++ b/2019/1xxx/CVE-2019-1054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1656.json b/2019/1xxx/CVE-2019-1656.json index 01d42eaf6b8..fe4e11b3790 100644 --- a/2019/1xxx/CVE-2019-1656.json +++ b/2019/1xxx/CVE-2019-1656.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-23T16:00:00-0800", - "ID" : "CVE-2019-1656", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Enterprise NFV Infrastructure Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "5.3", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-23T16:00:00-0800", + "ID": "CVE-2019-1656", + "STATE": "PUBLIC", + "TITLE": "Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Enterprise NFV Infrastructure Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190123 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access" - }, - { - "name" : "106715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106715" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190123-nfvis-shell-access", - "defect" : [ - [ - "CSCvm80829" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An attacker could exploit this vulnerability by sending crafted commands to the affected device. An exploit could allow the attacker to gain shell access with a nonroot user account to the underlying Linux operating system on the affected device and potentially access system configuration files with sensitive information. This vulnerability only affects console connections from CIMC. It does not apply to remote connections, such as telnet or SSH." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190123 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-nfvis-shell-access" + }, + { + "name": "106715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106715" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190123-nfvis-shell-access", + "defect": [ + [ + "CSCvm80829" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1896.json b/2019/1xxx/CVE-2019-1896.json index 2b8b59c0291..b0790d61ce8 100644 --- a/2019/1xxx/CVE-2019-1896.json +++ b/2019/1xxx/CVE-2019-1896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3532.json b/2019/3xxx/CVE-2019-3532.json index da05a5511ee..e0b86bb52ac 100644 --- a/2019/3xxx/CVE-2019-3532.json +++ b/2019/3xxx/CVE-2019-3532.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3532", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3532", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4440.json b/2019/4xxx/CVE-2019-4440.json index aff8bfd1502..51b826feb20 100644 --- a/2019/4xxx/CVE-2019-4440.json +++ b/2019/4xxx/CVE-2019-4440.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4440", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4440", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4578.json b/2019/4xxx/CVE-2019-4578.json index f5da93bb695..cbf0dbb2211 100644 --- a/2019/4xxx/CVE-2019-4578.json +++ b/2019/4xxx/CVE-2019-4578.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4578", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4578", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4593.json b/2019/4xxx/CVE-2019-4593.json index 5e66890eef6..707246e83ea 100644 --- a/2019/4xxx/CVE-2019-4593.json +++ b/2019/4xxx/CVE-2019-4593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4593", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4593", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4690.json b/2019/4xxx/CVE-2019-4690.json index e281a61dd30..7b1d4999f4a 100644 --- a/2019/4xxx/CVE-2019-4690.json +++ b/2019/4xxx/CVE-2019-4690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5505.json b/2019/5xxx/CVE-2019-5505.json index 4f96c1a65a1..43add585cad 100644 --- a/2019/5xxx/CVE-2019-5505.json +++ b/2019/5xxx/CVE-2019-5505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5559.json b/2019/5xxx/CVE-2019-5559.json index a116e183be5..87d1e807a2f 100644 --- a/2019/5xxx/CVE-2019-5559.json +++ b/2019/5xxx/CVE-2019-5559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8332.json b/2019/8xxx/CVE-2019-8332.json index b87b0940e41..00a0a2272bb 100644 --- a/2019/8xxx/CVE-2019-8332.json +++ b/2019/8xxx/CVE-2019-8332.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8332", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8332", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8415.json b/2019/8xxx/CVE-2019-8415.json index bb345c4b22a..96941923894 100644 --- a/2019/8xxx/CVE-2019-8415.json +++ b/2019/8xxx/CVE-2019-8415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8626.json b/2019/8xxx/CVE-2019-8626.json index 398c6f1635f..42f96f4f2c6 100644 --- a/2019/8xxx/CVE-2019-8626.json +++ b/2019/8xxx/CVE-2019-8626.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8753.json b/2019/8xxx/CVE-2019-8753.json index 1f9e79ffc9f..e06641d8468 100644 --- a/2019/8xxx/CVE-2019-8753.json +++ b/2019/8xxx/CVE-2019-8753.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8753", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8753", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8868.json b/2019/8xxx/CVE-2019-8868.json index 7389137c02f..65b7f5a21d3 100644 --- a/2019/8xxx/CVE-2019-8868.json +++ b/2019/8xxx/CVE-2019-8868.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8868", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8868", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9090.json b/2019/9xxx/CVE-2019-9090.json index 73b5e194726..44d7b9ef404 100644 --- a/2019/9xxx/CVE-2019-9090.json +++ b/2019/9xxx/CVE-2019-9090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9090", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9090", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9201.json b/2019/9xxx/CVE-2019-9201.json index 1e0cad06e4f..5d401113805 100644 --- a/2019/9xxx/CVE-2019-9201.json +++ b/2019/9xxx/CVE-2019-9201.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561", - "refsource" : "MISC", - "url" : "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561", + "refsource": "MISC", + "url": "https://medium.com/@SergiuSechel/misconfiguration-in-ilc-gsm-gprs-devices-leaves-over-1-200-ics-devices-vulnerable-to-attacks-over-82c2d4a91561" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9327.json b/2019/9xxx/CVE-2019-9327.json index fd475f6f7fc..a7c9ba9c6f3 100644 --- a/2019/9xxx/CVE-2019-9327.json +++ b/2019/9xxx/CVE-2019-9327.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9327", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9327", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file