From 84c682a0dd5e7809edd26cbcba21e190c98543a2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:41:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2590.json | 170 +++++++-------- 2007/2xxx/CVE-2007-2724.json | 140 ++++++------ 2007/2xxx/CVE-2007-2830.json | 270 +++++++++++------------ 2007/3xxx/CVE-2007-3270.json | 160 +++++++------- 2007/3xxx/CVE-2007-3609.json | 190 ++++++++--------- 2007/4xxx/CVE-2007-4302.json | 140 ++++++------ 2007/4xxx/CVE-2007-4520.json | 34 +-- 2007/4xxx/CVE-2007-4603.json | 180 ++++++++-------- 2007/4xxx/CVE-2007-4726.json | 150 ++++++------- 2007/6xxx/CVE-2007-6178.json | 140 ++++++------ 2007/6xxx/CVE-2007-6258.json | 200 ++++++++--------- 2007/6xxx/CVE-2007-6525.json | 190 ++++++++--------- 2010/1xxx/CVE-2010-1068.json | 150 ++++++------- 2010/1xxx/CVE-2010-1554.json | 180 ++++++++-------- 2010/1xxx/CVE-2010-1917.json | 220 +++++++++---------- 2010/1xxx/CVE-2010-1936.json | 160 +++++++------- 2010/5xxx/CVE-2010-5074.json | 130 ++++++------ 2010/5xxx/CVE-2010-5119.json | 34 +-- 2014/0xxx/CVE-2014-0276.json | 170 +++++++-------- 2014/0xxx/CVE-2014-0703.json | 120 +++++------ 2014/100xxx/CVE-2014-100022.json | 150 ++++++------- 2014/1xxx/CVE-2014-1295.json | 150 ++++++------- 2014/1xxx/CVE-2014-1621.json | 34 +-- 2014/5xxx/CVE-2014-5285.json | 130 ++++++------ 2014/5xxx/CVE-2014-5402.json | 34 +-- 2014/5xxx/CVE-2014-5778.json | 140 ++++++------ 2014/5xxx/CVE-2014-5912.json | 140 ++++++------ 2015/2xxx/CVE-2015-2078.json | 180 ++++++++-------- 2015/2xxx/CVE-2015-2651.json | 130 ++++++------ 2015/2xxx/CVE-2015-2996.json | 160 +++++++------- 2016/1000xxx/CVE-2016-1000349.json | 34 +-- 2016/10xxx/CVE-2016-10082.json | 140 ++++++------ 2016/10xxx/CVE-2016-10251.json | 160 +++++++------- 2016/10xxx/CVE-2016-10262.json | 34 +-- 2016/4xxx/CVE-2016-4005.json | 130 ++++++------ 2016/4xxx/CVE-2016-4485.json | 330 ++++++++++++++--------------- 2016/4xxx/CVE-2016-4559.json | 34 +-- 2016/4xxx/CVE-2016-4716.json | 150 ++++++------- 2016/4xxx/CVE-2016-4737.json | 210 +++++++++--------- 2016/8xxx/CVE-2016-8235.json | 130 ++++++------ 2016/9xxx/CVE-2016-9244.json | 190 ++++++++--------- 2016/9xxx/CVE-2016-9349.json | 150 ++++++------- 2016/9xxx/CVE-2016-9366.json | 130 ++++++------ 2016/9xxx/CVE-2016-9564.json | 130 ++++++------ 2016/9xxx/CVE-2016-9796.json | 160 +++++++------- 2019/2xxx/CVE-2019-2248.json | 34 +-- 2019/2xxx/CVE-2019-2416.json | 148 ++++++------- 2019/2xxx/CVE-2019-2489.json | 180 ++++++++-------- 2019/2xxx/CVE-2019-2552.json | 140 ++++++------ 2019/2xxx/CVE-2019-2891.json | 34 +-- 2019/3xxx/CVE-2019-3398.json | 34 +-- 2019/3xxx/CVE-2019-3453.json | 34 +-- 2019/3xxx/CVE-2019-3512.json | 34 +-- 2019/3xxx/CVE-2019-3892.json | 34 +-- 2019/6xxx/CVE-2019-6596.json | 132 ++++++------ 2019/6xxx/CVE-2019-6701.json | 34 +-- 2019/6xxx/CVE-2019-6912.json | 34 +-- 2019/7xxx/CVE-2019-7136.json | 34 +-- 2019/7xxx/CVE-2019-7139.json | 34 +-- 2019/7xxx/CVE-2019-7736.json | 120 +++++------ 2019/7xxx/CVE-2019-7826.json | 34 +-- 61 files changed, 3791 insertions(+), 3791 deletions(-) diff --git a/2007/2xxx/CVE-2007-2590.json b/2007/2xxx/CVE-2007-2590.json index bec3f132ac4..def04b051d1 100644 --- a/2007/2xxx/CVE-2007-2590.json +++ b/2007/2xxx/CVE-2007-2590.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468048/100/0/threaded" - }, - { - "name" : "http://www.sec-consult.com/289.html", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/289.html" - }, - { - "name" : "34514", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34514" - }, - { - "name" : "ADV-2007-1727", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1727" - }, - { - "name" : "25212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25212" - }, - { - "name" : "2689", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34514", + "refsource": "OSVDB", + "url": "http://osvdb.org/34514" + }, + { + "name": "http://www.sec-consult.com/289.html", + "refsource": "MISC", + "url": "http://www.sec-consult.com/289.html" + }, + { + "name": "ADV-2007-1727", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1727" + }, + { + "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded" + }, + { + "name": "25212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25212" + }, + { + "name": "2689", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2689" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2724.json b/2007/2xxx/CVE-2007-2724.json index 85ce292a4dd..2b74236aa8c 100644 --- a/2007/2xxx/CVE-2007-2724.json +++ b/2007/2xxx/CVE-2007-2724.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070511 fotolog xss", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/468316/100/0/threaded" - }, - { - "name" : "37916", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37916" - }, - { - "name" : "2713", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2713", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2713" + }, + { + "name": "20070511 fotolog xss", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/468316/100/0/threaded" + }, + { + "name": "37916", + "refsource": "OSVDB", + "url": "http://osvdb.org/37916" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2830.json b/2007/2xxx/CVE-2007-2830.json index d8773f122a4..91daf0f6a44 100644 --- a/2007/2xxx/CVE-2007-2830.json +++ b/2007/2xxx/CVE-2007-2830.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070606 FLEA-2007-0021-2: madwifi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/470674/100/100/threaded" - }, - { - "name" : "http://madwifi.org/ticket/1270", - "refsource" : "CONFIRM", - "url" : "http://madwifi.org/ticket/1270" - }, - { - "name" : "http://madwifi.org/wiki/Security", - "refsource" : "CONFIRM", - "url" : "http://madwifi.org/wiki/Security" - }, - { - "name" : "GLSA-200706-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-04.xml" - }, - { - "name" : "MDKSA-2007:132", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132" - }, - { - "name" : "SUSE-SR:2007:014", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html" - }, - { - "name" : "USN-479-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-479-1" - }, - { - "name" : "24114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24114" - }, - { - "name" : "36636", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36636" - }, - { - "name" : "ADV-2007-1919", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1919" - }, - { - "name" : "25339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25339" - }, - { - "name" : "25622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25622" - }, - { - "name" : "25763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25763" - }, - { - "name" : "25861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25861" - }, - { - "name" : "26083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26083" - }, - { - "name" : "madwifi-athbeaconconfig-dos(34451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-479-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-479-1" + }, + { + "name": "GLSA-200706-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml" + }, + { + "name": "25339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25339" + }, + { + "name": "24114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24114" + }, + { + "name": "26083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26083" + }, + { + "name": "25622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25622" + }, + { + "name": "SUSE-SR:2007:014", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html" + }, + { + "name": "36636", + "refsource": "OSVDB", + "url": "http://osvdb.org/36636" + }, + { + "name": "madwifi-athbeaconconfig-dos(34451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34451" + }, + { + "name": "25763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25763" + }, + { + "name": "http://madwifi.org/ticket/1270", + "refsource": "CONFIRM", + "url": "http://madwifi.org/ticket/1270" + }, + { + "name": "MDKSA-2007:132", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132" + }, + { + "name": "http://madwifi.org/wiki/Security", + "refsource": "CONFIRM", + "url": "http://madwifi.org/wiki/Security" + }, + { + "name": "25861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25861" + }, + { + "name": "ADV-2007-1919", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1919" + }, + { + "name": "20070606 FLEA-2007-0021-2: madwifi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3270.json b/2007/3xxx/CVE-2007-3270.json index 044d9153a1e..83c411fe385 100644 --- a/2007/3xxx/CVE-2007-3270.json +++ b/2007/3xxx/CVE-2007-3270.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4074", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4074" - }, - { - "name" : "24496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24496" - }, - { - "name" : "ADV-2007-2240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2240" - }, - { - "name" : "38464", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/38464" - }, - { - "name" : "phpmyinventory-globalsinc-file-include(34926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmyinventory-globalsinc-file-include(34926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34926" + }, + { + "name": "24496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24496" + }, + { + "name": "38464", + "refsource": "OSVDB", + "url": "http://osvdb.org/38464" + }, + { + "name": "4074", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4074" + }, + { + "name": "ADV-2007-2240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2240" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3609.json b/2007/3xxx/CVE-2007-3609.json index 34031dce16f..d1348072e79 100644 --- a/2007/3xxx/CVE-2007-3609.json +++ b/2007/3xxx/CVE-2007-3609.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4154", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4154" - }, - { - "name" : "24786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24786" - }, - { - "name" : "ADV-2007-2448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2448" - }, - { - "name" : "36363", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36363" - }, - { - "name" : "36364", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36364" - }, - { - "name" : "25974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25974" - }, - { - "name" : "emeeting-b-sql-injection(35274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35274" - }, - { - "name" : "emeeting-gallery-sql-injection(35275)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24786" + }, + { + "name": "ADV-2007-2448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2448" + }, + { + "name": "4154", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4154" + }, + { + "name": "36363", + "refsource": "OSVDB", + "url": "http://osvdb.org/36363" + }, + { + "name": "emeeting-b-sql-injection(35274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35274" + }, + { + "name": "36364", + "refsource": "OSVDB", + "url": "http://osvdb.org/36364" + }, + { + "name": "25974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25974" + }, + { + "name": "emeeting-gallery-sql-injection(35275)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35275" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4302.json b/2007/4xxx/CVE-2007-4302.json index 1f233764f89..8bf6f8abc31 100644 --- a/2007/4xxx/CVE-2007-4302.json +++ b/2007/4xxx/CVE-2007-4302.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.watson.org/~robert/2007woot/", - "refsource" : "MISC", - "url" : "http://www.watson.org/~robert/2007woot/" - }, - { - "name" : "25251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25251" - }, - { - "name" : "26469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25251" + }, + { + "name": "http://www.watson.org/~robert/2007woot/", + "refsource": "MISC", + "url": "http://www.watson.org/~robert/2007woot/" + }, + { + "name": "26469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26469" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4520.json b/2007/4xxx/CVE-2007-4520.json index f492e88caed..895b17edb2f 100644 --- a/2007/4xxx/CVE-2007-4520.json +++ b/2007/4xxx/CVE-2007-4520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4520", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4520", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4603.json b/2007/4xxx/CVE-2007-4603.json index 0cdbb5c5f44..9ae1d57e1f6 100644 --- a/2007/4xxx/CVE-2007-4603.json +++ b/2007/4xxx/CVE-2007-4603.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4330", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4330" - }, - { - "name" : "http://14house.blogspot.com/2007/08/acg-news-sql-injection.html", - "refsource" : "MISC", - "url" : "http://14house.blogspot.com/2007/08/acg-news-sql-injection.html" - }, - { - "name" : "25466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25466" - }, - { - "name" : "36690", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36690" - }, - { - "name" : "36691", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/36691" - }, - { - "name" : "26637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26637" - }, - { - "name" : "acgnews-index-sql-injection(36293)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25466" + }, + { + "name": "36691", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36691" + }, + { + "name": "4330", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4330" + }, + { + "name": "http://14house.blogspot.com/2007/08/acg-news-sql-injection.html", + "refsource": "MISC", + "url": "http://14house.blogspot.com/2007/08/acg-news-sql-injection.html" + }, + { + "name": "acgnews-index-sql-injection(36293)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36293" + }, + { + "name": "36690", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/36690" + }, + { + "name": "26637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26637" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4726.json b/2007/4xxx/CVE-2007-4726.json index 240145e1cff..2e06232da49 100644 --- a/2007/4xxx/CVE-2007-4726.json +++ b/2007/4xxx/CVE-2007-4726.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4362", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4362" - }, - { - "name" : "25535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25535" - }, - { - "name" : "41028", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41028" - }, - { - "name" : "weboddity-directory-traversal(36427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weboddity-directory-traversal(36427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36427" + }, + { + "name": "4362", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4362" + }, + { + "name": "41028", + "refsource": "OSVDB", + "url": "http://osvdb.org/41028" + }, + { + "name": "25535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25535" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6178.json b/2007/6xxx/CVE-2007-6178.json index ef9d2bdc136..890df39559a 100644 --- a/2007/6xxx/CVE-2007-6178.json +++ b/2007/6xxx/CVE-2007-6178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4671", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4671" - }, - { - "name" : "26623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26623" - }, - { - "name" : "ehcp-confdir-file-include(38698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26623" + }, + { + "name": "4671", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4671" + }, + { + "name": "ehcp-confdir-file-include(38698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38698" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6258.json b/2007/6xxx/CVE-2007-6258.json index beed04d5af0..3656e3b3a2c 100644 --- a/2007/6xxx/CVE-2007-6258.json +++ b/2007/6xxx/CVE-2007-6258.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2007-6258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487983/100/100/threaded" - }, - { - "name" : "5386", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5386" - }, - { - "name" : "5330", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5330" - }, - { - "name" : "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", - "refsource" : "MISC", - "url" : "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf" - }, - { - "name" : "http://www.ioactive.com/pdfs/mod_jk2.pdf", - "refsource" : "MISC", - "url" : "http://www.ioactive.com/pdfs/mod_jk2.pdf" - }, - { - "name" : "VU#771937", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/771937" - }, - { - "name" : "27752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27752" - }, - { - "name" : "ADV-2008-0572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0572" - }, - { - "name" : "3661", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080212 IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487983/100/100/threaded" + }, + { + "name": "ADV-2008-0572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0572" + }, + { + "name": "27752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27752" + }, + { + "name": "http://www.ioactive.com/pdfs/mod_jk2.pdf", + "refsource": "MISC", + "url": "http://www.ioactive.com/pdfs/mod_jk2.pdf" + }, + { + "name": "5330", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5330" + }, + { + "name": "3661", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3661" + }, + { + "name": "VU#771937", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/771937" + }, + { + "name": "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf", + "refsource": "MISC", + "url": "http://www.ioactive.com/vulnerabilities/mod_jk2LegacyBufferOverflowAdvisory.pdf" + }, + { + "name": "5386", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5386" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6525.json b/2007/6xxx/CVE-2007-6525.json index 88a5355e971..24a1d5836b4 100644 --- a/2007/6xxx/CVE-2007-6525.json +++ b/2007/6xxx/CVE-2007-6525.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to \"scripting.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IO06740", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IO06740" - }, - { - "name" : "PK52498", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1PK52498" - }, - { - "name" : "26975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26975" - }, - { - "name" : "ADV-2007-4295", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4295" - }, - { - "name" : "41624", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41624" - }, - { - "name" : "1019139", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019139" - }, - { - "name" : "28174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28174" - }, - { - "name" : "zos-eclient-unspecified(39177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to \"scripting.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26975" + }, + { + "name": "IO06740", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IO06740" + }, + { + "name": "1019139", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019139" + }, + { + "name": "41624", + "refsource": "OSVDB", + "url": "http://osvdb.org/41624" + }, + { + "name": "ADV-2007-4295", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4295" + }, + { + "name": "PK52498", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1PK52498" + }, + { + "name": "zos-eclient-unspecified(39177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39177" + }, + { + "name": "28174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28174" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1068.json b/2010/1xxx/CVE-2010-1068.json index df760ed2d62..2365536d3f2 100644 --- a/2010/1xxx/CVE-2010-1068.json +++ b/2010/1xxx/CVE-2010-1068.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" - }, - { - "name" : "11092", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11092" - }, - { - "name" : "38097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38097" - }, - { - "name" : "surgeftp-surgeftpmgr-xss(55509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38097" + }, + { + "name": "11092", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11092" + }, + { + "name": "surgeftp-surgeftpmgr-xss(55509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55509" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/surgeftp-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1554.json b/2010/1xxx/CVE-2010-1554.json index c910470af4b..4a84df9c71c 100644 --- a/2010/1xxx/CVE-2010-1554.json +++ b/2010/1xxx/CVE-2010-1554.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-1554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511249/100/0/threaded" - }, - { - "name" : "14181", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14181" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-10-085/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-10-085/" - }, - { - "name" : "HPSBMA02527", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT010098", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "SSRT090229", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2" - }, - { - "name" : "8154", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090229", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "SSRT010098", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "HPSBMA02527", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2" + }, + { + "name": "8154", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8154" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-10-085/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-10-085/" + }, + { + "name": "14181", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14181" + }, + { + "name": "20100511 ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511249/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1917.json b/2010/1xxx/CVE-2010-1917.json index dda9b9c9b6f..cc58514496f 100644 --- a/2010/1xxx/CVE-2010-1917.json +++ b/2010/1xxx/CVE-2010-1917.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html" - }, - { - "name" : "DSA-2089", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2089" - }, - { - "name" : "HPSBMA02662", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "SSRT100409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "RHSA-2010:0919", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0919.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "40860", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40860" - }, - { - "name" : "42410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42410" - }, - { - "name" : "ADV-2010-3081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3081" - }, - { - "name" : "php-fnmatchfunction-dos(58585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40860", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40860" + }, + { + "name": "HPSBMA02662", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "DSA-2089", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2089" + }, + { + "name": "RHSA-2010:0919", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html" + }, + { + "name": "42410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42410" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "SSRT100409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "php-fnmatchfunction-dos(58585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58585" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html", + "refsource": "MISC", + "url": "http://www.php-security.org/2010/05/11/mops-2010-021-php-fnmatch-stack-exhaustion-vulnerability/index.html" + }, + { + "name": "ADV-2010-3081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3081" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1936.json b/2010/1xxx/CVE-2010-1936.json index a75dfb355a5..d038a6fa543 100644 --- a/2010/1xxx/CVE-2010-1936.json +++ b/2010/1xxx/CVE-2010-1936.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12396", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12396" - }, - { - "name" : "http://packetstormsecurity.org/1004-exploits/opencominterne-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1004-exploits/opencominterne-lfi.txt" - }, - { - "name" : "64211", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64211" - }, - { - "name" : "39623", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39623" - }, - { - "name" : "opencominterne-soustab-file-include(58129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64211", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64211" + }, + { + "name": "opencominterne-soustab-file-include(58129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58129" + }, + { + "name": "39623", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39623" + }, + { + "name": "12396", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12396" + }, + { + "name": "http://packetstormsecurity.org/1004-exploits/opencominterne-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1004-exploits/opencominterne-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5074.json b/2010/5xxx/CVE-2010-5074.json index 08cc876361f..31fc6934128 100644 --- a/2010/5xxx/CVE-2010-5074.json +++ b/2010/5xxx/CVE-2010-5074.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/", - "refsource" : "CONFIRM", - "url" : "http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/" - }, - { - "name" : "oval:org.mitre.oval:def:14456", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/", + "refsource": "CONFIRM", + "url": "http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/" + }, + { + "name": "oval:org.mitre.oval:def:14456", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14456" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5119.json b/2010/5xxx/CVE-2010-5119.json index 832c1ab5559..1399895359f 100644 --- a/2010/5xxx/CVE-2010-5119.json +++ b/2010/5xxx/CVE-2010-5119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5119", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-5119", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0276.json b/2014/0xxx/CVE-2014-0276.json index e769410c51b..e3c15a16224 100644 --- a/2014/0xxx/CVE-2014-0276.json +++ b/2014/0xxx/CVE-2014-0276.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-0276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" - }, - { - "name" : "65375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65375" - }, - { - "name" : "103175", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/103175" - }, - { - "name" : "1029741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029741" - }, - { - "name" : "56796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56796" - }, - { - "name" : "ms-ie-cve20140276-code-exec(90766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" + }, + { + "name": "103175", + "refsource": "OSVDB", + "url": "http://osvdb.org/103175" + }, + { + "name": "ms-ie-cve20140276-code-exec(90766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90766" + }, + { + "name": "1029741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029741" + }, + { + "name": "56796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56796" + }, + { + "name": "65375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65375" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0703.json b/2014/0xxx/CVE-2014-0703.json index f8c85f6d6af..7eb97a30859 100644 --- a/2014/0xxx/CVE-2014-0703.json +++ b/2014/0xxx/CVE-2014-0703.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" + } + ] + } +} \ No newline at end of file diff --git a/2014/100xxx/CVE-2014-100022.json b/2014/100xxx/CVE-2014-100022.json index dbbbe429ced..a195b5738ad 100644 --- a/2014/100xxx/CVE-2014-100022.json +++ b/2014/100xxx/CVE-2014-100022.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-100022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-100022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/" - }, - { - "name" : "https://wordpress.org/plugins/mtouch-quiz/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/mtouch-quiz/changelog/" - }, - { - "name" : "57491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57491" - }, - { - "name" : "mtouch-quiz-wordpress-sql-injection(91950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57491" + }, + { + "name": "https://wordpress.org/plugins/mtouch-quiz/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/mtouch-quiz/changelog/" + }, + { + "name": "https://security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/" + }, + { + "name": "mtouch-quiz-wordpress-sql-injection(91950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91950" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1295.json b/2014/1xxx/CVE-2014-1295.json index 44b69e098c4..379dd05d340 100644 --- a/2014/1xxx/CVE-2014-1295.json +++ b/2014/1xxx/CVE-2014-1295.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-1295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secure-resumption.com/", - "refsource" : "MISC", - "url" : "https://secure-resumption.com/" - }, - { - "name" : "APPLE-SA-2014-04-22-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" - }, - { - "name" : "APPLE-SA-2014-04-22-2", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" - }, - { - "name" : "APPLE-SA-2014-04-22-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2014-04-22-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" + }, + { + "name": "APPLE-SA-2014-04-22-2", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" + }, + { + "name": "APPLE-SA-2014-04-22-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" + }, + { + "name": "https://secure-resumption.com/", + "refsource": "MISC", + "url": "https://secure-resumption.com/" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1621.json b/2014/1xxx/CVE-2014-1621.json index 00bc5f95549..fc74bb69012 100644 --- a/2014/1xxx/CVE-2014-1621.json +++ b/2014/1xxx/CVE-2014-1621.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-1621", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-1621", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5285.json b/2014/5xxx/CVE-2014-5285.json index cddea693989..2c8b1876404 100644 --- a/2014/5xxx/CVE-2014-5285.json +++ b/2014/5xxx/CVE-2014-5285.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/assets/bltdb348db4de625c6f/2014-006-Spotfire-advisory-cm-including3.X_v4.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/assets/bltdb348db4de625c6f/2014-006-Spotfire-advisory-cm-including3.X_v4.txt" - }, - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/assets/bltdb348db4de625c6f/2014-006-Spotfire-advisory-cm-including3.X_v4.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/assets/bltdb348db4de625c6f/2014-006-Spotfire-advisory-cm-including3.X_v4.txt" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5402.json b/2014/5xxx/CVE-2014-5402.json index db355b81576..ccacca651d4 100644 --- a/2014/5xxx/CVE-2014-5402.json +++ b/2014/5xxx/CVE-2014-5402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5402", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-5402", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5778.json b/2014/5xxx/CVE-2014-5778.json index 1c6b3f7b34f..96fdc3490b9 100644 --- a/2014/5xxx/CVE-2014-5778.json +++ b/2014/5xxx/CVE-2014-5778.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pou (aka me.pou.app) application 1.4.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#538849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/538849" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pou (aka me.pou.app) application 1.4.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#538849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/538849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5912.json b/2014/5xxx/CVE-2014-5912.json index abafdb2acf4..4b035af78a1 100644 --- a/2014/5xxx/CVE-2014-5912.json +++ b/2014/5xxx/CVE-2014-5912.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#744505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/744505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#744505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/744505" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2078.json b/2015/2xxx/CVE-2015-2078.json index aa8c7482bb1..9a63df35c56 100644 --- a/2015/2xxx/CVE-2015-2078.json +++ b/2015/2xxx/CVE-2015-2078.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4", - "refsource" : "MISC", - "url" : "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4" - }, - { - "name" : "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4", - "refsource" : "MISC", - "url" : "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4" - }, - { - "name" : "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/", - "refsource" : "MISC", - "url" : "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/" - }, - { - "name" : "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339", - "refsource" : "MISC", - "url" : "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339" - }, - { - "name" : "TA15-051A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA15-051A.html" - }, - { - "name" : "VU#529496", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/529496" - }, - { - "name" : "1031779", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA15-051A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA15-051A.html" + }, + { + "name": "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4", + "refsource": "MISC", + "url": "http://blog.erratasec.com/2015/02/some-notes-on-superfish.html#.VOq6Yvn8Fp4" + }, + { + "name": "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4", + "refsource": "MISC", + "url": "http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOq6Yfn8Fp4" + }, + { + "name": "1031779", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031779" + }, + { + "name": "VU#529496", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/529496" + }, + { + "name": "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339", + "refsource": "MISC", + "url": "https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339" + }, + { + "name": "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/", + "refsource": "MISC", + "url": "https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2651.json b/2015/2xxx/CVE-2015-2651.json index bfdfc3963fa..7eef3985a33 100644 --- a/2015/2xxx/CVE-2015-2651.json +++ b/2015/2xxx/CVE-2015-2651.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-2651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "1032914", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032914", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032914" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2996.json b/2015/2xxx/CVE-2015-2996.json index 145d87a5c37..fdcb5fb613d 100644 --- a/2015/2xxx/CVE-2015-2996.json +++ b/2015/2xxx/CVE-2015-2996.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535679/100/0/threaded" - }, - { - "name" : "20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/8" - }, - { - "name" : "http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html" - }, - { - "name" : "https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk", - "refsource" : "CONFIRM", - "url" : "https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk" - }, - { - "name" : "75038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/8" + }, + { + "name": "20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535679/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html" + }, + { + "name": "75038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75038" + }, + { + "name": "https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk", + "refsource": "CONFIRM", + "url": "https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000349.json b/2016/1000xxx/CVE-2016-1000349.json index 88315374511..ab68bf08499 100644 --- a/2016/1000xxx/CVE-2016-1000349.json +++ b/2016/1000xxx/CVE-2016-1000349.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000349", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10209. Reason: This candidate is a reservation duplicate of CVE-2016-10209. Notes: All CVE users should reference CVE-2016-10209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-1000349", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10209. Reason: This candidate is a reservation duplicate of CVE-2016-10209. Notes: All CVE users should reference CVE-2016-10209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10082.json b/2016/10xxx/CVE-2016-10082.json index 81e1f6898d8..e3f644d7f72 100644 --- a/2016/10xxx/CVE-2016-10082.json +++ b/2016/10xxx/CVE-2016-10082.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85", - "refsource" : "CONFIRM", - "url" : "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85" - }, - { - "name" : "https://github.com/s9y/Serendipity/issues/433", - "refsource" : "CONFIRM", - "url" : "https://github.com/s9y/Serendipity/issues/433" - }, - { - "name" : "95165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95165" + }, + { + "name": "https://github.com/s9y/Serendipity/issues/433", + "refsource": "CONFIRM", + "url": "https://github.com/s9y/Serendipity/issues/433" + }, + { + "name": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85", + "refsource": "CONFIRM", + "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10251.json b/2016/10xxx/CVE-2016-10251.json index dad9655ebbe..3af841391cb 100644 --- a/2016/10xxx/CVE-2016-10251.json +++ b/2016/10xxx/CVE-2016-10251.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/" - }, - { - "name" : "https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387", - "refsource" : "CONFIRM", - "url" : "https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387" - }, - { - "name" : "DSA-3827", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3827" - }, - { - "name" : "RHSA-2017:1208", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1208" - }, - { - "name" : "97584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/11/04/jasper-use-of-uninitialized-value-in-jpc_pi_nextcprl-jpc_t2cod-c/" + }, + { + "name": "https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387", + "refsource": "CONFIRM", + "url": "https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387" + }, + { + "name": "RHSA-2017:1208", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1208" + }, + { + "name": "97584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97584" + }, + { + "name": "DSA-3827", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3827" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10262.json b/2016/10xxx/CVE-2016-10262.json index 28c938478bc..7caca76790a 100644 --- a/2016/10xxx/CVE-2016-10262.json +++ b/2016/10xxx/CVE-2016-10262.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10262", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10262", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4005.json b/2016/4xxx/CVE-2016-4005.json index 80b8b5687c5..6eccf36df7e 100644 --- a/2016/4xxx/CVE-2016-4005.json +++ b/2016/4xxx/CVE-2016-4005.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en" - }, - { - "name" : "86536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86536" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-wear-en" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4485.json b/2016/4xxx/CVE-2016-4485.json index ebdc17eef2d..4063ef1deb5 100644 --- a/2016/4xxx/CVE-2016-4485.json +++ b/2016/4xxx/CVE-2016-4485.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/04/26" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1333309", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1333309" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd" - }, - { - "name" : "DSA-3607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3607" - }, - { - "name" : "SUSE-SU-2016:1672", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" - }, - { - "name" : "openSUSE-SU-2016:1641", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" - }, - { - "name" : "SUSE-SU-2016:1985", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" - }, - { - "name" : "USN-2996-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2996-1" - }, - { - "name" : "USN-2997-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2997-1" - }, - { - "name" : "USN-2989-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2989-1" - }, - { - "name" : "USN-2998-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2998-1" - }, - { - "name" : "USN-3000-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3000-1" - }, - { - "name" : "USN-3001-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3001-1" - }, - { - "name" : "USN-3002-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3002-1" - }, - { - "name" : "USN-3003-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3003-1" - }, - { - "name" : "USN-3004-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3004-1" - }, - { - "name" : "USN-3005-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3005-1" - }, - { - "name" : "USN-3006-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3006-1" - }, - { - "name" : "USN-3007-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3007-1" - }, - { - "name" : "90015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3006-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3006-1" + }, + { + "name": "USN-3004-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3004-1" + }, + { + "name": "USN-3001-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3001-1" + }, + { + "name": "[oss-security] 20160503 CVE Request: kernel information leak vulnerability in llc module", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/04/26" + }, + { + "name": "USN-3005-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3005-1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd" + }, + { + "name": "SUSE-SU-2016:1985", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html" + }, + { + "name": "openSUSE-SU-2016:1641", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" + }, + { + "name": "USN-2997-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2997-1" + }, + { + "name": "USN-3000-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3000-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333309" + }, + { + "name": "DSA-3607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3607" + }, + { + "name": "USN-3002-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3002-1" + }, + { + "name": "USN-2996-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2996-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b8670c09f37bdf2847cc44f36511a53afc6161fd" + }, + { + "name": "SUSE-SU-2016:1672", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html" + }, + { + "name": "USN-2989-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2989-1" + }, + { + "name": "USN-3007-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3007-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5" + }, + { + "name": "90015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90015" + }, + { + "name": "USN-3003-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3003-1" + }, + { + "name": "USN-2998-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2998-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4559.json b/2016/4xxx/CVE-2016-4559.json index 000fa4ce9d5..4b4277dc2bf 100644 --- a/2016/4xxx/CVE-2016-4559.json +++ b/2016/4xxx/CVE-2016-4559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4716.json b/2016/4xxx/CVE-2016-4716.json index 5d10463e4a0..ed26432aa6d 100644 --- a/2016/4xxx/CVE-2016-4716.json +++ b/2016/4xxx/CVE-2016-4716.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "93055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93055" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "93055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93055" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4737.json b/2016/4xxx/CVE-2016-4737.json index 22eaa5b2228..ad8398139c8 100644 --- a/2016/4xxx/CVE-2016-4737.json +++ b/2016/4xxx/CVE-2016-4737.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207141" - }, - { - "name" : "https://support.apple.com/HT207142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207142" - }, - { - "name" : "https://support.apple.com/HT207143", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207143" - }, - { - "name" : "https://support.apple.com/HT207157", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207157" - }, - { - "name" : "APPLE-SA-2016-09-20-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" - }, - { - "name" : "APPLE-SA-2016-09-20-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" - }, - { - "name" : "APPLE-SA-2016-09-20-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" - }, - { - "name" : "APPLE-SA-2016-09-20-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" - }, - { - "name" : "93065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93065" - }, - { - "name" : "1036854", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207141" + }, + { + "name": "93065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93065" + }, + { + "name": "APPLE-SA-2016-09-20-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT207157", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207157" + }, + { + "name": "APPLE-SA-2016-09-20-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" + }, + { + "name": "APPLE-SA-2016-09-20-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" + }, + { + "name": "1036854", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036854" + }, + { + "name": "https://support.apple.com/HT207142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207142" + }, + { + "name": "https://support.apple.com/HT207143", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207143" + }, + { + "name": "APPLE-SA-2016-09-20-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8235.json b/2016/8xxx/CVE-2016-8235.json index c48ab7eb46d..a0592f778e1 100644 --- a/2016/8xxx/CVE-2016-8235.json +++ b/2016/8xxx/CVE-2016-8235.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2016-8235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Customer Care Software Development Kit (CCSDK)", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 2.0.16.3" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2016-8235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Customer Care Software Development Kit (CCSDK)", + "version": { + "version_data": [ + { + "version_value": "Earlier than 2.0.16.3" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-11340", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-11340" - }, - { - "name" : "97543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97543" + }, + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-11340", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-11340" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9244.json b/2016/9xxx/CVE-2016-9244.json index 03b25ce5099..e9f7ea7b98d 100644 --- a/2016/9xxx/CVE-2016-9244.json +++ b/2016/9xxx/CVE-2016-9244.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2016-9244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM, PSM", - "version" : { - "version_data" : [ - { - "version_value" : "11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "TLS Session Ticket uninitialized memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2016-9244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM, PSM", + "version": { + "version_data": [ + { + "version_value": "11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41298", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41298/" - }, - { - "name" : "http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html" - }, - { - "name" : "https://blog.filippo.io/finding-ticketbleed/", - "refsource" : "MISC", - "url" : "https://blog.filippo.io/finding-ticketbleed/" - }, - { - "name" : "https://filippo.io/Ticketbleed/", - "refsource" : "MISC", - "url" : "https://filippo.io/Ticketbleed/" - }, - { - "name" : "https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py", - "refsource" : "MISC", - "url" : "https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py" - }, - { - "name" : "https://support.f5.com/csp/article/K05121675", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K05121675" - }, - { - "name" : "96143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96143" - }, - { - "name" : "1037800", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TLS Session Ticket uninitialized memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K05121675", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K05121675" + }, + { + "name": "41298", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41298/" + }, + { + "name": "https://filippo.io/Ticketbleed/", + "refsource": "MISC", + "url": "https://filippo.io/Ticketbleed/" + }, + { + "name": "96143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96143" + }, + { + "name": "https://blog.filippo.io/finding-ticketbleed/", + "refsource": "MISC", + "url": "https://blog.filippo.io/finding-ticketbleed/" + }, + { + "name": "1037800", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037800" + }, + { + "name": "http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html" + }, + { + "name": "https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py", + "refsource": "MISC", + "url": "https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9349.json b/2016/9xxx/CVE-2016-9349.json index d5813b3849b..f0340203fce 100644 --- a/2016/9xxx/CVE-2016-9349.json +++ b/2016/9xxx/CVE-2016-9349.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech SUSIAccess Server 3.0 and prior", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech SUSIAccess Server 3.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Advantech SUSIAccess Server traverse the file system" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech SUSIAccess Server 3.0 and prior", + "version": { + "version_data": [ + { + "version_value": "Advantech SUSIAccess Server 3.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42401", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42401/" - }, - { - "name" : "42402", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42402/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04" - }, - { - "name" : "94629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Advantech SUSIAccess Server traverse the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04" + }, + { + "name": "94629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94629" + }, + { + "name": "42401", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42401/" + }, + { + "name": "42402", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42402/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9366.json b/2016/9xxx/CVE-2016-9366.json index f3b2cafe40e..996a9d44e6a 100644 --- a/2016/9xxx/CVE-2016-9366.json +++ b/2016/9xxx/CVE-2016-9366.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa NPort", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa NPort" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Moxa NPort Device brute force" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa NPort", + "version": { + "version_data": [ + { + "version_value": "Moxa NPort" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02" - }, - { - "name" : "85965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Moxa NPort Device brute force" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02" + }, + { + "name": "85965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85965" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9564.json b/2016/9xxx/CVE-2016-9564.json index 435b384139a..b7719c56245 100644 --- a/2016/9xxx/CVE-2016-9564.json +++ b/2016/9xxx/CVE-2016-9564.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r", - "refsource" : "MISC", - "url" : "http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r" - }, - { - "name" : "94599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r", + "refsource": "MISC", + "url": "http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r" + }, + { + "name": "94599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94599" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9796.json b/2016/9xxx/CVE-2016-9796.json index 98606fc022f..6fd15d5cd51 100644 --- a/2016/9xxx/CVE-2016-9796.json +++ b/2016/9xxx/CVE-2016-9796.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\\SYSTEM on the server. NOTE: The discoverer states \"The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40862", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40862/" - }, - { - "name" : "http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html", - "refsource" : "MISC", - "url" : "http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html" - }, - { - "name" : "https://github.com/malerisch/omnivista-8770-unauth-rce", - "refsource" : "MISC", - "url" : "https://github.com/malerisch/omnivista-8770-unauth-rce" - }, - { - "name" : "https://www.youtube.com/watch?v=aq37lQKa9sk", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=aq37lQKa9sk" - }, - { - "name" : "94649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\\SYSTEM on the server. NOTE: The discoverer states \"The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94649" + }, + { + "name": "40862", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40862/" + }, + { + "name": "https://www.youtube.com/watch?v=aq37lQKa9sk", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=aq37lQKa9sk" + }, + { + "name": "https://github.com/malerisch/omnivista-8770-unauth-rce", + "refsource": "MISC", + "url": "https://github.com/malerisch/omnivista-8770-unauth-rce" + }, + { + "name": "http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html", + "refsource": "MISC", + "url": "http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2248.json b/2019/2xxx/CVE-2019-2248.json index e2f211ed17b..4a2c9328cf1 100644 --- a/2019/2xxx/CVE-2019-2248.json +++ b/2019/2xxx/CVE-2019-2248.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2248", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2248", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2416.json b/2019/2xxx/CVE-2019-2416.json index 4bfca9c237a..47cb0b999b9 100644 --- a/2019/2xxx/CVE-2019-2416.json +++ b/2019/2xxx/CVE-2019-2416.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.55" - }, - { - "version_affected" : "=", - "version_value" : "8.56" - }, - { - "version_affected" : "=", - "version_value" : "8.57" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.55" + }, + { + "version_affected": "=", + "version_value": "8.56" + }, + { + "version_affected": "=", + "version_value": "8.57" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Server). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106586" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2489.json b/2019/2xxx/CVE-2019-2489.json index 264352571e1..738c8b13f86 100644 --- a/2019/2xxx/CVE-2019-2489.json +++ b/2019/2xxx/CVE-2019-2489.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "One-to-One Fulfillment", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - }, - { - "version_affected" : "=", - "version_value" : "12.2.8" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + }, + { + "version_affected": "=", + "version_value": "12.2.8" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106620" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2552.json b/2019/2xxx/CVE-2019-2552.json index 8e8981bb5d4..28031efae58 100644 --- a/2019/2xxx/CVE-2019-2552.json +++ b/2019/2xxx/CVE-2019-2552.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.24" - }, - { - "version_affected" : "<", - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.24" + }, + { + "version_affected": "<", + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "106568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106568" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2891.json b/2019/2xxx/CVE-2019-2891.json index 5907aec42cd..c38aed76ebe 100644 --- a/2019/2xxx/CVE-2019-2891.json +++ b/2019/2xxx/CVE-2019-2891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3398.json b/2019/3xxx/CVE-2019-3398.json index acdf8aa4d92..5b5706e7a3f 100644 --- a/2019/3xxx/CVE-2019-3398.json +++ b/2019/3xxx/CVE-2019-3398.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3453.json b/2019/3xxx/CVE-2019-3453.json index 6261162f020..5bbfdfa9a97 100644 --- a/2019/3xxx/CVE-2019-3453.json +++ b/2019/3xxx/CVE-2019-3453.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3453", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3453", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3512.json b/2019/3xxx/CVE-2019-3512.json index c3ede2a1ebc..31c986265a3 100644 --- a/2019/3xxx/CVE-2019-3512.json +++ b/2019/3xxx/CVE-2019-3512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3892.json b/2019/3xxx/CVE-2019-3892.json index 46eb35cebf5..389b324f4e8 100644 --- a/2019/3xxx/CVE-2019-3892.json +++ b/2019/3xxx/CVE-2019-3892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6596.json b/2019/6xxx/CVE-2019-6596.json index 3f09bec94b6..c5b64e8fcc5 100644 --- a/2019/6xxx/CVE-2019-6596.json +++ b/2019/6xxx/CVE-2019-6596.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2019-03-11T00:00:00", - "ID" : "CVE-2019-6596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (APM)", - "version" : { - "version_data" : [ - { - "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, 11.5.1-11.5.8" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2019-03-11T00:00:00", + "ID": "CVE-2019-6596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (APM)", + "version": { + "version_data": [ + { + "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, 11.5.1-11.5.8" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K97241515", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K97241515" - }, - { - "name" : "107403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K97241515", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K97241515" + }, + { + "name": "107403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107403" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6701.json b/2019/6xxx/CVE-2019-6701.json index 6119ef45595..4b07407eed1 100644 --- a/2019/6xxx/CVE-2019-6701.json +++ b/2019/6xxx/CVE-2019-6701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6912.json b/2019/6xxx/CVE-2019-6912.json index f049882c0a8..e5145fc5678 100644 --- a/2019/6xxx/CVE-2019-6912.json +++ b/2019/6xxx/CVE-2019-6912.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7136.json b/2019/7xxx/CVE-2019-7136.json index 79535c80fc6..6f2bb531225 100644 --- a/2019/7xxx/CVE-2019-7136.json +++ b/2019/7xxx/CVE-2019-7136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7139.json b/2019/7xxx/CVE-2019-7139.json index 4fa7c3d0daf..e8c37d1bae0 100644 --- a/2019/7xxx/CVE-2019-7139.json +++ b/2019/7xxx/CVE-2019-7139.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7139", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7139", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7736.json b/2019/7xxx/CVE-2019-7736.json index 45769bd0436..668034fc72f 100644 --- a/2019/7xxx/CVE-2019-7736.json +++ b/2019/7xxx/CVE-2019-7736.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.youtube.com/watch?v=uaT8vX06Jjs", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=uaT8vX06Jjs" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=uaT8vX06Jjs", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=uaT8vX06Jjs" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7826.json b/2019/7xxx/CVE-2019-7826.json index b30d316c973..3317b627d94 100644 --- a/2019/7xxx/CVE-2019-7826.json +++ b/2019/7xxx/CVE-2019-7826.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7826", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7826", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file