From 8540885fd96cbe30359de9d5262df9125cc6672b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:58:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/0xxx/CVE-2007-0040.json | 220 ++++++++--------- 2007/0xxx/CVE-2007-0096.json | 150 ++++++------ 2007/0xxx/CVE-2007-0117.json | 160 ++++++------ 2007/1xxx/CVE-2007-1726.json | 170 ++++++------- 2007/3xxx/CVE-2007-3122.json | 240 +++++++++--------- 2007/3xxx/CVE-2007-3197.json | 130 +++++----- 2007/3xxx/CVE-2007-3452.json | 160 ++++++------ 2007/3xxx/CVE-2007-3503.json | 350 +++++++++++++------------- 2007/4xxx/CVE-2007-4096.json | 160 ++++++------ 2007/4xxx/CVE-2007-4388.json | 140 +++++------ 2007/4xxx/CVE-2007-4753.json | 180 +++++++------- 2007/4xxx/CVE-2007-4830.json | 160 ++++++------ 2007/4xxx/CVE-2007-4855.json | 34 +-- 2007/4xxx/CVE-2007-4908.json | 170 ++++++------- 2007/4xxx/CVE-2007-4966.json | 170 ++++++------- 2014/5xxx/CVE-2014-5393.json | 180 +++++++------- 2014/5xxx/CVE-2014-5806.json | 140 +++++------ 2014/5xxx/CVE-2014-5984.json | 140 +++++------ 2014/5xxx/CVE-2014-5991.json | 140 +++++------ 2015/2xxx/CVE-2015-2153.json | 280 ++++++++++----------- 2015/2xxx/CVE-2015-2442.json | 140 +++++------ 2015/6xxx/CVE-2015-6029.json | 140 +++++------ 2015/6xxx/CVE-2015-6056.json | 130 +++++----- 2015/6xxx/CVE-2015-6123.json | 140 +++++------ 2015/6xxx/CVE-2015-6682.json | 240 +++++++++--------- 2015/7xxx/CVE-2015-7016.json | 130 +++++----- 2015/7xxx/CVE-2015-7619.json | 140 +++++------ 2015/7xxx/CVE-2015-7631.json | 220 ++++++++--------- 2015/7xxx/CVE-2015-7895.json | 160 ++++++------ 2016/0xxx/CVE-2016-0244.json | 130 +++++----- 2016/0xxx/CVE-2016-0448.json | 380 ++++++++++++++--------------- 2016/0xxx/CVE-2016-0636.json | 340 +++++++++++++------------- 2016/0xxx/CVE-2016-0963.json | 190 +++++++-------- 2016/1000xxx/CVE-2016-1000145.json | 140 +++++------ 2016/10xxx/CVE-2016-10120.json | 130 +++++----- 2016/10xxx/CVE-2016-10433.json | 132 +++++----- 2016/10xxx/CVE-2016-10581.json | 122 ++++----- 2016/4xxx/CVE-2016-4037.json | 220 ++++++++--------- 2016/4xxx/CVE-2016-4163.json | 150 ++++++------ 2016/4xxx/CVE-2016-4287.json | 150 ++++++------ 2016/4xxx/CVE-2016-4619.json | 34 +-- 2016/4xxx/CVE-2016-4768.json | 210 ++++++++-------- 2016/9xxx/CVE-2016-9784.json | 34 +-- 2019/2xxx/CVE-2019-2494.json | 142 +++++------ 2019/2xxx/CVE-2019-2518.json | 34 +-- 2019/3xxx/CVE-2019-3074.json | 34 +-- 2019/3xxx/CVE-2019-3178.json | 34 +-- 2019/3xxx/CVE-2019-3250.json | 34 +-- 2019/3xxx/CVE-2019-3357.json | 34 +-- 2019/3xxx/CVE-2019-3563.json | 34 +-- 2019/4xxx/CVE-2019-4723.json | 34 +-- 2019/6xxx/CVE-2019-6254.json | 34 +-- 2019/6xxx/CVE-2019-6497.json | 120 ++++----- 2019/6xxx/CVE-2019-6847.json | 34 +-- 2019/6xxx/CVE-2019-6973.json | 58 +---- 2019/7xxx/CVE-2019-7049.json | 34 +-- 2019/7xxx/CVE-2019-7254.json | 34 +-- 2019/7xxx/CVE-2019-7470.json | 34 +-- 2019/7xxx/CVE-2019-7905.json | 34 +-- 2019/7xxx/CVE-2019-7912.json | 34 +-- 2019/8xxx/CVE-2019-8226.json | 34 +-- 2019/8xxx/CVE-2019-8492.json | 34 +-- 2019/8xxx/CVE-2019-8510.json | 34 +-- 2019/9xxx/CVE-2019-9208.json | 150 ++++++------ 2019/9xxx/CVE-2019-9468.json | 34 +-- 2019/9xxx/CVE-2019-9514.json | 34 +-- 66 files changed, 4169 insertions(+), 4223 deletions(-) diff --git a/2007/0xxx/CVE-2007-0040.json b/2007/0xxx/CVE-2007-0040.json index f745ae13925..a9f6a6b3039 100644 --- a/2007/0xxx/CVE-2007-0040.json +++ b/2007/0xxx/CVE-2007-0040.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of \"convertible attributes.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-0040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070710 Microsoft Windows Active Directory Remote Code Execution", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/267.html" - }, - { - "name" : "SSRT071446", - "refsource" : "HP", - "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" - }, - { - "name" : "MS07-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" - }, - { - "name" : "TA07-191A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" - }, - { - "name" : "VU#487905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/487905" - }, - { - "name" : "24800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24800" - }, - { - "name" : "35960", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35960" - }, - { - "name" : "ADV-2007-2481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2481" - }, - { - "name" : "oval:org.mitre.oval:def:2012", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012" - }, - { - "name" : "1018355", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018355" - }, - { - "name" : "26002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of \"convertible attributes.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT071446", + "refsource": "HP", + "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" + }, + { + "name": "24800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24800" + }, + { + "name": "oval:org.mitre.oval:def:2012", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012" + }, + { + "name": "20070710 Microsoft Windows Active Directory Remote Code Execution", + "refsource": "ISS", + "url": "http://www.iss.net/threats/267.html" + }, + { + "name": "1018355", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018355" + }, + { + "name": "26002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26002" + }, + { + "name": "35960", + "refsource": "OSVDB", + "url": "http://osvdb.org/35960" + }, + { + "name": "VU#487905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/487905" + }, + { + "name": "ADV-2007-2481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2481" + }, + { + "name": "TA07-191A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" + }, + { + "name": "MS07-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0096.json b/2007/0xxx/CVE-2007-0096.json index 576db63f98f..1bfddab67e3 100644 --- a/2007/0xxx/CVE-2007-0096.json +++ b/2007/0xxx/CVE-2007-0096.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aria-security.com/forum/showthread.php?t=85", - "refsource" : "MISC", - "url" : "http://aria-security.com/forum/showthread.php?t=85" - }, - { - "name" : "ADV-2007-0038", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0038" - }, - { - "name" : "37549", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37549" - }, - { - "name" : "carboncommunities-carbon2-info-disclosure(31253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aria-security.com/forum/showthread.php?t=85", + "refsource": "MISC", + "url": "http://aria-security.com/forum/showthread.php?t=85" + }, + { + "name": "37549", + "refsource": "OSVDB", + "url": "http://osvdb.org/37549" + }, + { + "name": "carboncommunities-carbon2-info-disclosure(31253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31253" + }, + { + "name": "ADV-2007-0038", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0038" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0117.json b/2007/0xxx/CVE-2007-0117.json index 94c280f930f..351afae0e88 100644 --- a/2007/0xxx/CVE-2007-0117.json +++ b/2007/0xxx/CVE-2007-0117.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/moab/MOAB-05-01-2007.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/moab/MOAB-05-01-2007.html" - }, - { - "name" : "21899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21899" - }, - { - "name" : "ADV-2007-0074", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0074" - }, - { - "name" : "31167", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31167" - }, - { - "name" : "23653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23653" + }, + { + "name": "http://projects.info-pull.com/moab/MOAB-05-01-2007.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/moab/MOAB-05-01-2007.html" + }, + { + "name": "21899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21899" + }, + { + "name": "ADV-2007-0074", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0074" + }, + { + "name": "31167", + "refsource": "OSVDB", + "url": "http://osvdb.org/31167" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1726.json b/2007/1xxx/CVE-2007-1726.json index e5de35ca296..45d8750a8f5 100644 --- a/2007/1xxx/CVE-2007-1726.json +++ b/2007/1xxx/CVE-2007-1726.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3581", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3581" - }, - { - "name" : "23151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23151" - }, - { - "name" : "ADV-2007-1116", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1116" - }, - { - "name" : "34498", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34498" - }, - { - "name" : "24644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24644" - }, - { - "name" : "icebb-index-file-upload(33242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24644" + }, + { + "name": "ADV-2007-1116", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1116" + }, + { + "name": "icebb-index-file-upload(33242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33242" + }, + { + "name": "3581", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3581" + }, + { + "name": "23151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23151" + }, + { + "name": "34498", + "refsource": "OSVDB", + "url": "http://osvdb.org/34498" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3122.json b/2007/3xxx/CVE-2007-3122.json index ad9988911ad..8fdd1050cc3 100644 --- a/2007/3xxx/CVE-2007-3122.json +++ b/2007/3xxx/CVE-2007-3122.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Clamav-announce] 20070530 announcing ClamAV 0.90.3", - "refsource" : "MLIST", - "url" : "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html" - }, - { - "name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-15.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-15.txt" - }, - { - "name" : "DSA-1320", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1320" - }, - { - "name" : "GLSA-200706-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-05.xml" - }, - { - "name" : "SUSE-SA:2007:033", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_33_clamav.html" - }, - { - "name" : "45392", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45392" - }, - { - "name" : "25523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25523" - }, - { - "name" : "25525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25525" - }, - { - "name" : "25688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25688" - }, - { - "name" : "25796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25796" - }, - { - "name" : "clamav-rar-security-bypass(34823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25796" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511" + }, + { + "name": "SUSE-SA:2007:033", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html" + }, + { + "name": "25525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25525" + }, + { + "name": "clamav-rar-security-bypass(34823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823" + }, + { + "name": "25523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25523" + }, + { + "name": "DSA-1320", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1320" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-15.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-15.txt" + }, + { + "name": "25688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25688" + }, + { + "name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3", + "refsource": "MLIST", + "url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html" + }, + { + "name": "45392", + "refsource": "OSVDB", + "url": "http://osvdb.org/45392" + }, + { + "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog" + }, + { + "name": "GLSA-200706-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3197.json b/2007/3xxx/CVE-2007-3197.json index cddd892680b..2d0e4c21a9a 100644 --- a/2007/3xxx/CVE-2007-3197.json +++ b/2007/3xxx/CVE-2007-3197.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vbulletin.org/forum/showthread.php?t=94023&page=38", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.org/forum/showthread.php?t=94023&page=38" - }, - { - "name" : "37162", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37162", + "refsource": "OSVDB", + "url": "http://osvdb.org/37162" + }, + { + "name": "http://www.vbulletin.org/forum/showthread.php?t=94023&page=38", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.org/forum/showthread.php?t=94023&page=38" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3452.json b/2007/3xxx/CVE-2007-3452.json index 20148fb8ebe..9bb39712a6e 100644 --- a/2007/3xxx/CVE-2007-3452.json +++ b/2007/3xxx/CVE-2007-3452.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4108", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4108" - }, - { - "name" : "ADV-2007-2327", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2327" - }, - { - "name" : "36292", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36292" - }, - { - "name" : "25831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25831" - }, - { - "name" : "edocstore-doc-sql-injection(35057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2327", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2327" + }, + { + "name": "4108", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4108" + }, + { + "name": "25831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25831" + }, + { + "name": "edocstore-doc-sql-injection(35057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35057" + }, + { + "name": "36292", + "refsource": "OSVDB", + "url": "http://osvdb.org/36292" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3503.json b/2007/3xxx/CVE-2007-3503.json index 317fe574469..6c7058241f2 100644 --- a/2007/3xxx/CVE-2007-3503.json +++ b/2007/3xxx/CVE-2007-3503.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307177", - "refsource" : "MISC", - "url" : "http://docs.info.apple.com/article.html?artnum=307177" - }, - { - "name" : "APPLE-SA-2007-12-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" - }, - { - "name" : "BEA07-177.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/248" - }, - { - "name" : "GLSA-200709-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" - }, - { - "name" : "RHSA-2007:0818", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0818.html" - }, - { - "name" : "RHSA-2007:0829", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0829.html" - }, - { - "name" : "RHSA-2007:0956", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0956.html" - }, - { - "name" : "102958", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1" - }, - { - "name" : "24690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24690" - }, - { - "name" : "36488", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36488" - }, - { - "name" : "oval:org.mitre.oval:def:10704", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704" - }, - { - "name" : "ADV-2007-2383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2383" - }, - { - "name" : "ADV-2007-3009", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3009" - }, - { - "name" : "ADV-2007-4224", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4224" - }, - { - "name" : "1018327", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018327" - }, - { - "name" : "25769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25769" - }, - { - "name" : "26314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26314" - }, - { - "name" : "26369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26369" - }, - { - "name" : "26631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26631" - }, - { - "name" : "26933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26933" - }, - { - "name" : "27203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27203" - }, - { - "name" : "26645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26645" - }, - { - "name" : "28115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28115" - }, - { - "name" : "sun-jdk-javadoc-xss(35168)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2007:0818", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html" + }, + { + "name": "oval:org.mitre.oval:def:10704", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704" + }, + { + "name": "26933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26933" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307177", + "refsource": "MISC", + "url": "http://docs.info.apple.com/article.html?artnum=307177" + }, + { + "name": "36488", + "refsource": "OSVDB", + "url": "http://osvdb.org/36488" + }, + { + "name": "26314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26314" + }, + { + "name": "BEA07-177.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/248" + }, + { + "name": "sun-jdk-javadoc-xss(35168)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35168" + }, + { + "name": "25769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25769" + }, + { + "name": "26369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26369" + }, + { + "name": "102958", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1" + }, + { + "name": "APPLE-SA-2007-12-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html" + }, + { + "name": "RHSA-2007:0956", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html" + }, + { + "name": "26645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26645" + }, + { + "name": "ADV-2007-4224", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4224" + }, + { + "name": "ADV-2007-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3009" + }, + { + "name": "GLSA-200709-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml" + }, + { + "name": "28115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28115" + }, + { + "name": "ADV-2007-2383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2383" + }, + { + "name": "27203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27203" + }, + { + "name": "1018327", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018327" + }, + { + "name": "RHSA-2007:0829", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html" + }, + { + "name": "24690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24690" + }, + { + "name": "26631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26631" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4096.json b/2007/4xxx/CVE-2007-4096.json index 8ddbd20544f..4758975222d 100644 --- a/2007/4xxx/CVE-2007-4096.json +++ b/2007/4xxx/CVE-2007-4096.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20070723 Tor 0.1.2.15 is released", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jul-2007/msg00000.html" - }, - { - "name" : "25035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25035" - }, - { - "name" : "ADV-2007-2634", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2634" - }, - { - "name" : "46968", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46968" - }, - { - "name" : "26140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46968", + "refsource": "OSVDB", + "url": "http://osvdb.org/46968" + }, + { + "name": "25035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25035" + }, + { + "name": "26140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26140" + }, + { + "name": "ADV-2007-2634", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2634" + }, + { + "name": "[or-announce] 20070723 Tor 0.1.2.15 is released", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jul-2007/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4388.json b/2007/4xxx/CVE-2007-4388.json index 26f67409c79..991b15fd030 100644 --- a/2007/4xxx/CVE-2007-4388.json +++ b/2007/4xxx/CVE-2007-4388.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070815 Cross Site Request Forgery in 2wire routers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476595/100/0/threaded" - }, - { - "name" : "3026", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3026" - }, - { - "name" : "2wire-default-password(36043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3026", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3026" + }, + { + "name": "20070815 Cross Site Request Forgery in 2wire routers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476595/100/0/threaded" + }, + { + "name": "2wire-default-password(36043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36043" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4753.json b/2007/4xxx/CVE-2007-4753.json index c48e595e3b7..d342905a329 100644 --- a/2007/4xxx/CVE-2007-4753.json +++ b/2007/4xxx/CVE-2007-4753.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070827 DOS vulnerability on Thomson SIP phone ST 2030 using the TO Header", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065458.html" - }, - { - "name" : "20070828 DOS vulnerability on Thomson SIP phone ST 2030 using an empty packet", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065478.html" - }, - { - "name" : "1018611", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018611" - }, - { - "name" : "1018616", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018616" - }, - { - "name" : "26587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26587" - }, - { - "name" : "3104", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3104" - }, - { - "name" : "thomson-sippacket-dos(36286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3104", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3104" + }, + { + "name": "26587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26587" + }, + { + "name": "1018611", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018611" + }, + { + "name": "20070827 DOS vulnerability on Thomson SIP phone ST 2030 using the TO Header", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065458.html" + }, + { + "name": "1018616", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018616" + }, + { + "name": "thomson-sippacket-dos(36286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36286" + }, + { + "name": "20070828 DOS vulnerability on Thomson SIP phone ST 2030 using an empty packet", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065478.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4830.json b/2007/4xxx/CVE-2007-4830.json index a507ce3a91f..c0c93dce583 100644 --- a/2007/4xxx/CVE-2007-4830.json +++ b/2007/4xxx/CVE-2007-4830.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html" - }, - { - "name" : "25607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25607" - }, - { - "name" : "36999", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36999" - }, - { - "name" : "26742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26742" - }, - { - "name" : "directadmin-user-parameter-xss(36510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html" + }, + { + "name": "26742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26742" + }, + { + "name": "36999", + "refsource": "OSVDB", + "url": "http://osvdb.org/36999" + }, + { + "name": "25607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25607" + }, + { + "name": "directadmin-user-parameter-xss(36510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36510" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4855.json b/2007/4xxx/CVE-2007-4855.json index e6d70a1153b..d42090d605a 100644 --- a/2007/4xxx/CVE-2007-4855.json +++ b/2007/4xxx/CVE-2007-4855.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4855", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4855", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4908.json b/2007/4xxx/CVE-2007-4908.json index 880c4cb0671..f2f0024ef29 100644 --- a/2007/4xxx/CVE-2007-4908.json +++ b/2007/4xxx/CVE-2007-4908.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4390", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4390" - }, - { - "name" : "http://www.auracms.org/?pilih=news&aksi=lihat&id=117", - "refsource" : "MISC", - "url" : "http://www.auracms.org/?pilih=news&aksi=lihat&id=117" - }, - { - "name" : "25619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25619" - }, - { - "name" : "40504", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40504" - }, - { - "name" : "26747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26747" - }, - { - "name" : "auracms-index-file-include(36541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "auracms-index-file-include(36541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36541" + }, + { + "name": "4390", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4390" + }, + { + "name": "40504", + "refsource": "OSVDB", + "url": "http://osvdb.org/40504" + }, + { + "name": "http://www.auracms.org/?pilih=news&aksi=lihat&id=117", + "refsource": "MISC", + "url": "http://www.auracms.org/?pilih=news&aksi=lihat&id=117" + }, + { + "name": "26747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26747" + }, + { + "name": "25619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25619" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4966.json b/2007/4xxx/CVE-2007-4966.json index e85b8dda6c3..c5d15d66ae1 100644 --- a/2007/4xxx/CVE-2007-4966.json +++ b/2007/4xxx/CVE-2007-4966.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4404", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4404" - }, - { - "name" : "http://www.portcullis.co.uk/179.php", - "refsource" : "MISC", - "url" : "http://www.portcullis.co.uk/179.php" - }, - { - "name" : "25665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25665" - }, - { - "name" : "ADV-2007-3174", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3174" - }, - { - "name" : "26803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26803" - }, - { - "name" : "gforge-editprofile-sql-injection(48844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26803" + }, + { + "name": "http://www.portcullis.co.uk/179.php", + "refsource": "MISC", + "url": "http://www.portcullis.co.uk/179.php" + }, + { + "name": "25665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25665" + }, + { + "name": "4404", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4404" + }, + { + "name": "ADV-2007-3174", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3174" + }, + { + "name": "gforge-editprofile-sql-injection(48844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48844" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5393.json b/2014/5xxx/CVE-2014-5393.json index 7a3061c42be..f9f2cc44244 100644 --- a/2014/5xxx/CVE-2014-5393.json +++ b/2014/5xxx/CVE-2014-5393.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533373/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html" - }, - { - "name" : "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt", - "refsource" : "MISC", - "url" : "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt" - }, - { - "name" : "http://www.sos-berlin.com/modules/news/article.php?storyid=73", - "refsource" : "CONFIRM", - "url" : "http://www.sos-berlin.com/modules/news/article.php?storyid=73" - }, - { - "name" : "http://www.sos-berlin.com/modules/news/article.php?storyid=74", - "refsource" : "CONFIRM", - "url" : "http://www.sos-berlin.com/modules/news/article.php?storyid=74" - }, - { - "name" : "https://change.sos-berlin.com/browse/JS-1205", - "refsource" : "CONFIRM", - "url" : "https://change.sos-berlin.com/browse/JS-1205" - }, - { - "name" : "jobscheduler-cve20145393-dir-traversal(95796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt", + "refsource": "MISC", + "url": "http://www.christian-schneider.net/advisories/CVE-2014-5393.txt" + }, + { + "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73", + "refsource": "CONFIRM", + "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73" + }, + { + "name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74", + "refsource": "CONFIRM", + "url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74" + }, + { + "name": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html" + }, + { + "name": "https://change.sos-berlin.com/browse/JS-1205", + "refsource": "CONFIRM", + "url": "https://change.sos-berlin.com/browse/JS-1205" + }, + { + "name": "20140907 CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in \"JobScheduler\"", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533373/100/0/threaded" + }, + { + "name": "jobscheduler-cve20145393-dir-traversal(95796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95796" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5806.json b/2014/5xxx/CVE-2014-5806.json index 2f64240554d..bd1dd596a6b 100644 --- a/2014/5xxx/CVE-2014-5806.json +++ b/2014/5xxx/CVE-2014-5806.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The World of Tanks Assistant (aka ru.worldoftanks.mobile) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#971897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/971897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The World of Tanks Assistant (aka ru.worldoftanks.mobile) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#971897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/971897" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5984.json b/2014/5xxx/CVE-2014-5984.json index 1a67b66eea6..27de6da754e 100644 --- a/2014/5xxx/CVE-2014-5984.json +++ b/2014/5xxx/CVE-2014-5984.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#930273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/930273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#930273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/930273" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5991.json b/2014/5xxx/CVE-2014-5991.json index 522056e39df..80d3def8d6e 100644 --- a/2014/5xxx/CVE-2014-5991.json +++ b/2014/5xxx/CVE-2014-5991.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#397345", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/397345" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#397345", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/397345" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2153.json b/2015/2xxx/CVE-2015-2153.json index f0556ba5e7a..89b56971e9b 100644 --- a/2015/2xxx/CVE-2015-2153.json +++ b/2015/2xxx/CVE-2015-2153.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150309 tcpdump 4.7.2 remote crashes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534829/100/0/threaded" - }, - { - "name" : "37663", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37663/" - }, - { - "name" : "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201795", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201795" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0114.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0114.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "DSA-3193", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3193" - }, - { - "name" : "FEDORA-2015-4939", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html" - }, - { - "name" : "FEDORA-2015-4804", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html" - }, - { - "name" : "GLSA-201510-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-04" - }, - { - "name" : "MDVSA-2015:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" - }, - { - "name" : "MDVSA-2015:182", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:182" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "openSUSE-SU-2015:0616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html" - }, - { - "name" : "USN-2580-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2580-1" - }, - { - "name" : "73018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73018" - }, - { - "name" : "1031937", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-4939", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html" + }, + { + "name": "MDVSA-2015:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:125" + }, + { + "name": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html" + }, + { + "name": "73018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73018" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "1031937", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031937" + }, + { + "name": "GLSA-201510-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-04" + }, + { + "name": "37663", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37663/" + }, + { + "name": "FEDORA-2015-4804", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0114.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0114.html" + }, + { + "name": "USN-2580-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2580-1" + }, + { + "name": "20150309 tcpdump 4.7.2 remote crashes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534829/100/0/threaded" + }, + { + "name": "openSUSE-SU-2015:0616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1201795", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201795" + }, + { + "name": "MDVSA-2015:182", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:182" + }, + { + "name": "DSA-3193", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3193" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2442.json b/2015/2xxx/CVE-2015-2442.json index ad031fb4685..ca34a5d4a9f 100644 --- a/2015/2xxx/CVE-2015-2442.json +++ b/2015/2xxx/CVE-2015-2442.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2444." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" - }, - { - "name" : "MS15-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091" - }, - { - "name" : "1033237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2444." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033237" + }, + { + "name": "MS15-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091" + }, + { + "name": "MS15-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6029.json b/2015/6xxx/CVE-2015-6029.json index 8dba4f5e86e..b0b2a12aca0 100644 --- a/2015/6xxx/CVE-2015-6029.json +++ b/2015/6xxx/CVE-2015-6029.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-6029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612" - }, - { - "name" : "VU#842252", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/842252" - }, - { - "name" : "77128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77128" + }, + { + "name": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04863612" + }, + { + "name": "VU#842252", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/842252" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6056.json b/2015/6xxx/CVE-2015-6056.json index e21412fdca7..246459134aa 100644 --- a/2015/6xxx/CVE-2015-6056.json +++ b/2015/6xxx/CVE-2015-6056.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-106", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106" - }, - { - "name" : "1033800", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033800", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033800" + }, + { + "name": "MS15-106", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6123.json b/2015/6xxx/CVE-2015-6123.json index c8fd8165403..d1f64bcb4c0 100644 --- a/2015/6xxx/CVE-2015-6123.json +++ b/2015/6xxx/CVE-2015-6123.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka \"Microsoft Outlook for Mac Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-6123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-116", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116" - }, - { - "name" : "77525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77525" - }, - { - "name" : "1034122", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka \"Microsoft Outlook for Mac Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034122", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034122" + }, + { + "name": "MS15-116", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116" + }, + { + "name": "77525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77525" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6682.json b/2015/6xxx/CVE-2015-6682.json index 68ed0571efc..f87a72199db 100644 --- a/2015/6xxx/CVE-2015-6682.json +++ b/2015/6xxx/CVE-2015-6682.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-6682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76795" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "76795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76795" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7016.json b/2015/7xxx/CVE-2015-7016.json index 96feca4b21e..f44c63eea94 100644 --- a/2015/7xxx/CVE-2015-7016.json +++ b/2015/7xxx/CVE-2015-7016.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-7016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7619.json b/2015/7xxx/CVE-2015-7619.json index 824de2e11b2..16219f04540 100644 --- a/2015/7xxx/CVE-2015-7619.json +++ b/2015/7xxx/CVE-2015-7619.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7620, and CVE-2015-7623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-7619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-500", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-500" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" - }, - { - "name" : "1033796", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7620, and CVE-2015-7623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-500", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-500" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb15-24.html" + }, + { + "name": "1033796", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033796" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7631.json b/2015/7xxx/CVE-2015-7631.json index 8b46a884b12..0b54365678e 100644 --- a/2015/7xxx/CVE-2015-7631.json +++ b/2015/7xxx/CVE-2015-7631.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-7631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-513", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-513" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html" - }, - { - "name" : "GLSA-201511-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201511-02" - }, - { - "name" : "RHSA-2015:2024", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2024.html" - }, - { - "name" : "RHSA-2015:1893", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1893.html" - }, - { - "name" : "SUSE-SU-2015:1740", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:1742", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:1744", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "77061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77061" - }, - { - "name" : "1033797", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-513", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-513" + }, + { + "name": "RHSA-2015:2024", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html" + }, + { + "name": "openSUSE-SU-2015:1744", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html" + }, + { + "name": "77061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77061" + }, + { + "name": "SUSE-SU-2015:1742", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html" + }, + { + "name": "RHSA-2015:1893", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1893.html" + }, + { + "name": "GLSA-201511-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201511-02" + }, + { + "name": "1033797", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033797" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html" + }, + { + "name": "SUSE-SU-2015:1740", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7895.json b/2015/7xxx/CVE-2015-7895.json index a0579cd39f3..b6fe3ddb8d1 100644 --- a/2015/7xxx/CVE-2015-7895.json +++ b/2015/7xxx/CVE-2015-7895.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38613", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38613/" - }, - { - "name" : "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=497&redir=1", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=497&redir=1" - }, - { - "name" : "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html", - "refsource" : "CONFIRM", - "url" : "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html" - }, - { - "name" : "77429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html" + }, + { + "name": "38613", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38613/" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497&redir=1", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497&redir=1" + }, + { + "name": "77429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77429" + }, + { + "name": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html", + "refsource": "CONFIRM", + "url": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0244.json b/2016/0xxx/CVE-2016-0244.json index 3595a8b3db2..787fb297fd3 100644 --- a/2016/0xxx/CVE-2016-0244.json +++ b/2016/0xxx/CVE-2016-0244.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21975358", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21975358" - }, - { - "name" : "PI55327", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21975358", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21975358" + }, + { + "name": "PI55327", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0448.json b/2016/0xxx/CVE-2016-0448.json index 671265f7194..96bb7dde25a 100644 --- a/2016/0xxx/CVE-2016-0448.json +++ b/2016/0xxx/CVE-2016-0448.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3465", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3465" - }, - { - "name" : "DSA-3458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3458" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "RHSA-2016:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:1430" - }, - { - "name" : "RHSA-2016:0049", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0049.html" - }, - { - "name" : "RHSA-2016:0050", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0050.html" - }, - { - "name" : "RHSA-2016:0053", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0053.html" - }, - { - "name" : "RHSA-2016:0054", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0054.html" - }, - { - "name" : "RHSA-2016:0055", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0055.html" - }, - { - "name" : "RHSA-2016:0056", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0056.html" - }, - { - "name" : "RHSA-2016:0057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0057.html" - }, - { - "name" : "RHSA-2016:0067", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0067.html" - }, - { - "name" : "SUSE-SU-2016:0256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" - }, - { - "name" : "SUSE-SU-2016:0269", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" - }, - { - "name" : "openSUSE-SU-2016:0263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" - }, - { - "name" : "openSUSE-SU-2016:0268", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" - }, - { - "name" : "openSUSE-SU-2016:0270", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" - }, - { - "name" : "openSUSE-SU-2016:0272", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:0279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" - }, - { - "name" : "USN-2884-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2884-1" - }, - { - "name" : "USN-2885-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2885-1" - }, - { - "name" : "81123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81123" - }, - { - "name" : "1034715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0272", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" + }, + { + "name": "1034715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034715" + }, + { + "name": "openSUSE-SU-2016:0279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "USN-2884-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2884-1" + }, + { + "name": "DSA-3465", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3465" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "USN-2885-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2885-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "RHSA-2016:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:1430" + }, + { + "name": "81123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81123" + }, + { + "name": "RHSA-2016:0049", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html" + }, + { + "name": "openSUSE-SU-2016:0270", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" + }, + { + "name": "RHSA-2016:0053", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html" + }, + { + "name": "SUSE-SU-2016:0269", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" + }, + { + "name": "RHSA-2016:0067", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html" + }, + { + "name": "openSUSE-SU-2016:0263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" + }, + { + "name": "SUSE-SU-2016:0256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "RHSA-2016:0057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" + }, + { + "name": "RHSA-2016:0055", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" + }, + { + "name": "RHSA-2016:0054", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html" + }, + { + "name": "RHSA-2016:0056", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" + }, + { + "name": "openSUSE-SU-2016:0268", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" + }, + { + "name": "RHSA-2016:0050", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html" + }, + { + "name": "DSA-3458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3458" + }, + { + "name": "SUSE-SU-2016:0265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0636.json b/2016/0xxx/CVE-2016-0636.json index eb70cec38e6..d8ef50f59ed 100644 --- a/2016/0xxx/CVE-2016-0636.json +++ b/2016/0xxx/CVE-2016-0636.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20160328-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20160328-0001/" - }, - { - "name" : "DSA-3558", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3558" - }, - { - "name" : "GLSA-201606-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-18" - }, - { - "name" : "GLSA-201610-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-08" - }, - { - "name" : "RHSA-2016:0516", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0516.html" - }, - { - "name" : "RHSA-2016:0511", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0511.html" - }, - { - "name" : "RHSA-2016:0512", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0512.html" - }, - { - "name" : "RHSA-2016:0514", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0514.html" - }, - { - "name" : "RHSA-2016:0515", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0515.html" - }, - { - "name" : "RHSA-2016:0513", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0513.html" - }, - { - "name" : "SUSE-SU-2016:0957", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00004.html" - }, - { - "name" : "SUSE-SU-2016:0956", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00003.html" - }, - { - "name" : "SUSE-SU-2016:0959", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00005.html" - }, - { - "name" : "openSUSE-SU-2016:0971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:0983", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00008.html" - }, - { - "name" : "openSUSE-SU-2016:1004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:1005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00014.html" - }, - { - "name" : "openSUSE-SU-2016:1042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00035.html" - }, - { - "name" : "USN-2942-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2942-1" - }, - { - "name" : "85376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/85376" - }, - { - "name" : "1035401", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:0957", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00004.html" + }, + { + "name": "RHSA-2016:0516", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0516.html" + }, + { + "name": "RHSA-2016:0515", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0515.html" + }, + { + "name": "RHSA-2016:0511", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0511.html" + }, + { + "name": "RHSA-2016:0512", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0512.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "GLSA-201610-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-08" + }, + { + "name": "openSUSE-SU-2016:0971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00007.html" + }, + { + "name": "openSUSE-SU-2016:0983", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00008.html" + }, + { + "name": "openSUSE-SU-2016:1005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00014.html" + }, + { + "name": "openSUSE-SU-2016:1042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00035.html" + }, + { + "name": "USN-2942-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2942-1" + }, + { + "name": "GLSA-201606-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-18" + }, + { + "name": "SUSE-SU-2016:0956", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00003.html" + }, + { + "name": "85376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/85376" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20160328-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20160328-0001/" + }, + { + "name": "openSUSE-SU-2016:1004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00013.html" + }, + { + "name": "SUSE-SU-2016:0959", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00005.html" + }, + { + "name": "1035401", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035401" + }, + { + "name": "DSA-3558", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3558" + }, + { + "name": "RHSA-2016:0513", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0513.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html" + }, + { + "name": "RHSA-2016:0514", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0514.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0963.json b/2016/0xxx/CVE-2016-0963.json index 50b61dbbb6c..33041961082 100644 --- a/2016/0xxx/CVE-2016-0963.json +++ b/2016/0xxx/CVE-2016-0963.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-0963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" - }, - { - "name" : "GLSA-201603-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-07" - }, - { - "name" : "SUSE-SU-2016:0715", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:0716", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:0719", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:0734", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" - }, - { - "name" : "84308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84308" - }, - { - "name" : "1035251", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0734", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html" + }, + { + "name": "1035251", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035251" + }, + { + "name": "openSUSE-SU-2016:0719", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html" + }, + { + "name": "GLSA-201603-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-07" + }, + { + "name": "SUSE-SU-2016:0715", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-08.html" + }, + { + "name": "84308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84308" + }, + { + "name": "SUSE-SU-2016:0716", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000145.json b/2016/1000xxx/CVE-2016-1000145.json index 6abb92c23e4..5135bc257de 100644 --- a/2016/1000xxx/CVE-2016-1000145.json +++ b/2016/1000xxx/CVE-2016-1000145.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS in wordpress plugin pondol-carousel v1.0" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=524", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=524" - }, - { - "name" : "https://wordpress.org/plugins/pondol-carousel", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/pondol-carousel" - }, - { - "name" : "93586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected XSS in wordpress plugin pondol-carousel v1.0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/pondol-carousel", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/pondol-carousel" + }, + { + "name": "93586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93586" + }, + { + "name": "http://www.vapidlabs.com/wp/wp_advisory.php?v=524", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/wp/wp_advisory.php?v=524" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10120.json b/2016/10xxx/CVE-2016-10120.json index ea1eef9d413..7d17a5996f1 100644 --- a/2016/10xxx/CVE-2016-10120.json +++ b/2016/10xxx/CVE-2016-10120.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170105 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/05/4" - }, - { - "name" : "[oss-security] 20170106 Re: Firejail local root exploit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/06/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170105 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/05/4" + }, + { + "name": "[oss-security] 20170106 Re: Firejail local root exploit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/06/2" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10433.json b/2016/10xxx/CVE-2016-10433.json index b80cf9662b7..45a2b24e8cb 100644 --- a/2016/10xxx/CVE-2016-10433.json +++ b/2016/10xxx/CVE-2016-10433.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2016-10433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, TOCTOU vulnerability during SSD image decryption may cause memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "TOCTOU vulnerability in QTEE" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2016-10433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, TOCTOU vulnerability during SSD image decryption may cause memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TOCTOU vulnerability in QTEE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10581.json b/2016/10xxx/CVE-2016-10581.json index f140c6b6e58..953a8abe032 100644 --- a/2016/10xxx/CVE-2016-10581.json +++ b/2016/10xxx/CVE-2016-10581.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2016-10581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "steroids node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data (CWE-311)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2016-10581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "steroids node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/168", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Encryption of Sensitive Data (CWE-311)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/168", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/168" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4037.json b/2016/4xxx/CVE-2016-4037.json index 0ed700e6add..53370ee9476 100644 --- a/2016/4xxx/CVE-2016-4037.json +++ b/2016/4xxx/CVE-2016-4037.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-4037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160418 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/18/3" - }, - { - "name" : "[oss-security] 20160418 Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/18/6" - }, - { - "name" : "[qemu-devel] 20160418 Re: [PATCH 1/2] ehci: apply limit to itd/sidt descriptors", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html" - }, - { - "name" : "[qemu-devel] 20160418 [PATCH 1/2] ehci: apply limit to itd/sidt descriptors", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2" - }, - { - "name" : "FEDORA-2016-35d7b09908", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html" - }, - { - "name" : "FEDORA-2016-48e72b7bc5", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html" - }, - { - "name" : "FEDORA-2016-75063477ca", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html" - }, - { - "name" : "USN-2974-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2974-1" - }, - { - "name" : "86283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160418 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/18/3" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2" + }, + { + "name": "FEDORA-2016-48e72b7bc5", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html" + }, + { + "name": "FEDORA-2016-35d7b09908", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html" + }, + { + "name": "[qemu-devel] 20160418 [PATCH 1/2] ehci: apply limit to itd/sidt descriptors", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html" + }, + { + "name": "FEDORA-2016-75063477ca", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html" + }, + { + "name": "USN-2974-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2974-1" + }, + { + "name": "86283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86283" + }, + { + "name": "[qemu-devel] 20160418 Re: [PATCH 1/2] ehci: apply limit to itd/sidt descriptors", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + }, + { + "name": "[oss-security] 20160418 Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/18/6" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4163.json b/2016/4xxx/CVE-2016-4163.json index 1ab54f1be94..58a3fca26ab 100644 --- a/2016/4xxx/CVE-2016-4163.json +++ b/2016/4xxx/CVE-2016-4163.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "GLSA-201606-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-08" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "90618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201606-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-08" + }, + { + "name": "90618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90618" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4287.json b/2016/4xxx/CVE-2016-4287.json index b7129a9cd41..f8b3e088594 100644 --- a/2016/4xxx/CVE-2016-4287.json +++ b/2016/4xxx/CVE-2016-4287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" - }, - { - "name" : "GLSA-201610-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-10" - }, - { - "name" : "RHSA-2016:1865", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html" - }, - { - "name" : "1036791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201610-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-10" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html" + }, + { + "name": "RHSA-2016:1865", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html" + }, + { + "name": "1036791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036791" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4619.json b/2016/4xxx/CVE-2016-4619.json index fffa40163f4..a2804527dff 100644 --- a/2016/4xxx/CVE-2016-4619.json +++ b/2016/4xxx/CVE-2016-4619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4619", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8317. Reason: This candidate is a reservation duplicate of CVE-2015-8317. Notes: All CVE users should reference CVE-2015-8317 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-4619", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8317. Reason: This candidate is a reservation duplicate of CVE-2015-8317. Notes: All CVE users should reference CVE-2015-8317 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4768.json b/2016/4xxx/CVE-2016-4768.json index af2f0f187da..8b8d2b25967 100644 --- a/2016/4xxx/CVE-2016-4768.json +++ b/2016/4xxx/CVE-2016-4768.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207142" - }, - { - "name" : "https://support.apple.com/HT207143", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207143" - }, - { - "name" : "https://support.apple.com/HT207157", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207157" - }, - { - "name" : "https://support.apple.com/HT207158", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207158" - }, - { - "name" : "APPLE-SA-2016-09-20-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" - }, - { - "name" : "APPLE-SA-2016-09-20-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" - }, - { - "name" : "APPLE-SA-2016-09-20-6", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" - }, - { - "name" : "APPLE-SA-2016-09-20-7", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" - }, - { - "name" : "93067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93067" - }, - { - "name" : "1036854", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2016-09-20-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT207157", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207157" + }, + { + "name": "https://support.apple.com/HT207158", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207158" + }, + { + "name": "93067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93067" + }, + { + "name": "APPLE-SA-2016-09-20-6", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" + }, + { + "name": "1036854", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036854" + }, + { + "name": "https://support.apple.com/HT207142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207142" + }, + { + "name": "https://support.apple.com/HT207143", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207143" + }, + { + "name": "APPLE-SA-2016-09-20-7", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" + }, + { + "name": "APPLE-SA-2016-09-20-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9784.json b/2016/9xxx/CVE-2016-9784.json index a89b6a632fb..073a8a71199 100644 --- a/2016/9xxx/CVE-2016-9784.json +++ b/2016/9xxx/CVE-2016-9784.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9784", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-9784", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2494.json b/2019/2xxx/CVE-2019-2494.json index b6dad8b6af7..2e1db714a20 100644 --- a/2019/2xxx/CVE-2019-2494.json +++ b/2019/2xxx/CVE-2019-2494.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2019-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.13 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2019-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.13 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" - }, - { - "name" : "106625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106625" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2518.json b/2019/2xxx/CVE-2019-2518.json index e8f28e861e5..19a8b40639d 100644 --- a/2019/2xxx/CVE-2019-2518.json +++ b/2019/2xxx/CVE-2019-2518.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2518", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2518", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3074.json b/2019/3xxx/CVE-2019-3074.json index 7cdf52d4757..f478aac70d7 100644 --- a/2019/3xxx/CVE-2019-3074.json +++ b/2019/3xxx/CVE-2019-3074.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3074", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3074", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3178.json b/2019/3xxx/CVE-2019-3178.json index fb0109c7b41..539cc660f43 100644 --- a/2019/3xxx/CVE-2019-3178.json +++ b/2019/3xxx/CVE-2019-3178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3178", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3178", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3250.json b/2019/3xxx/CVE-2019-3250.json index 943ff1e0bc3..b10ec667c6d 100644 --- a/2019/3xxx/CVE-2019-3250.json +++ b/2019/3xxx/CVE-2019-3250.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3250", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3250", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3357.json b/2019/3xxx/CVE-2019-3357.json index 2769954ab58..254a13edc6a 100644 --- a/2019/3xxx/CVE-2019-3357.json +++ b/2019/3xxx/CVE-2019-3357.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3357", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3357", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3563.json b/2019/3xxx/CVE-2019-3563.json index b0176c76818..09e5f2486bc 100644 --- a/2019/3xxx/CVE-2019-3563.json +++ b/2019/3xxx/CVE-2019-3563.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3563", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3563", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4723.json b/2019/4xxx/CVE-2019-4723.json index 27484cb9852..7a51b818011 100644 --- a/2019/4xxx/CVE-2019-4723.json +++ b/2019/4xxx/CVE-2019-4723.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4723", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4723", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6254.json b/2019/6xxx/CVE-2019-6254.json index 898fec3bc1b..d3397ba2533 100644 --- a/2019/6xxx/CVE-2019-6254.json +++ b/2019/6xxx/CVE-2019-6254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6497.json b/2019/6xxx/CVE-2019-6497.json index 3755d8fb487..af54bc1b36b 100644 --- a/2019/6xxx/CVE-2019-6497.json +++ b/2019/6xxx/CVE-2019-6497.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FantasticLBP/Hotels_Server/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/FantasticLBP/Hotels_Server/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FantasticLBP/Hotels_Server/issues/1", + "refsource": "MISC", + "url": "https://github.com/FantasticLBP/Hotels_Server/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6847.json b/2019/6xxx/CVE-2019-6847.json index 20a43761f6e..7f123547230 100644 --- a/2019/6xxx/CVE-2019-6847.json +++ b/2019/6xxx/CVE-2019-6847.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6847", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6847", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6973.json b/2019/6xxx/CVE-2019-6973.json index b6a2746c69e..09590392d29 100644 --- a/2019/6xxx/CVE-2019-6973.json +++ b/2019/6xxx/CVE-2019-6973.json @@ -2,30 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6973", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } + "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", @@ -34,38 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "EXPLOIT-DB", - "name": "46261", - "url": "https://www.exploit-db.com/exploits/46261/" - }, - { - "url": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html", - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/151377/Sricam-gSOAP-2.8-Denial-Of-Service.html" - }, - { - "url": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit", - "refsource": "MISC", - "name": "https://github.com/bitfu/sricam-gsoap2.8-dos-exploit" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2019/7xxx/CVE-2019-7049.json b/2019/7xxx/CVE-2019-7049.json index 8d8ec0aa163..c09ef7b5028 100644 --- a/2019/7xxx/CVE-2019-7049.json +++ b/2019/7xxx/CVE-2019-7049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7049", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7049", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7254.json b/2019/7xxx/CVE-2019-7254.json index 816a8cc5a52..e83f743854d 100644 --- a/2019/7xxx/CVE-2019-7254.json +++ b/2019/7xxx/CVE-2019-7254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7470.json b/2019/7xxx/CVE-2019-7470.json index 49407a3f390..da452cb6bf6 100644 --- a/2019/7xxx/CVE-2019-7470.json +++ b/2019/7xxx/CVE-2019-7470.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7470", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7470", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7905.json b/2019/7xxx/CVE-2019-7905.json index 4b43006e5ad..f55d4060b86 100644 --- a/2019/7xxx/CVE-2019-7905.json +++ b/2019/7xxx/CVE-2019-7905.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7905", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7905", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7912.json b/2019/7xxx/CVE-2019-7912.json index 6b5f3ad2360..e79383686ab 100644 --- a/2019/7xxx/CVE-2019-7912.json +++ b/2019/7xxx/CVE-2019-7912.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8226.json b/2019/8xxx/CVE-2019-8226.json index 174092b112a..48430f2a502 100644 --- a/2019/8xxx/CVE-2019-8226.json +++ b/2019/8xxx/CVE-2019-8226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8492.json b/2019/8xxx/CVE-2019-8492.json index 1cecc233cf0..9b2643ad359 100644 --- a/2019/8xxx/CVE-2019-8492.json +++ b/2019/8xxx/CVE-2019-8492.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8492", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8492", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8510.json b/2019/8xxx/CVE-2019-8510.json index 1ba6793a6c7..534deeb1d63 100644 --- a/2019/8xxx/CVE-2019-8510.json +++ b/2019/8xxx/CVE-2019-8510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8510", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8510", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9208.json b/2019/9xxx/CVE-2019-9208.json index 0cbc5a1cefa..a6290c655ac 100644 --- a/2019/9xxx/CVE-2019-9208.json +++ b/2019/9xxx/CVE-2019-9208.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2019-07.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2019-07.html" - }, - { - "name" : "107203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107203" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2019-07.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2019-07.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9468.json b/2019/9xxx/CVE-2019-9468.json index 4eb33e3660f..2a59914f0ed 100644 --- a/2019/9xxx/CVE-2019-9468.json +++ b/2019/9xxx/CVE-2019-9468.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9468", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9468", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json index bccd104e84e..fd992274902 100644 --- a/2019/9xxx/CVE-2019-9514.json +++ b/2019/9xxx/CVE-2019-9514.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file