diff --git a/2007/0xxx/CVE-2007-0184.json b/2007/0xxx/CVE-2007-0184.json index 63803486614..dd1875cda7b 100644 --- a/2007/0xxx/CVE-2007-0184.json +++ b/2007/0xxx/CVE-2007-0184.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://getahead.ltd.uk/dwr/changelog", - "refsource" : "CONFIRM", - "url" : "http://getahead.ltd.uk/dwr/changelog" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "21955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21955" - }, - { - "name" : "ADV-2007-0095", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0095" - }, - { - "name" : "32657", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32657" - }, - { - "name" : "23641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23641" - }, - { - "name" : "dwr-include-exclude-security-bypass(31377)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32657", + "refsource": "OSVDB", + "url": "http://osvdb.org/32657" + }, + { + "name": "23641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23641" + }, + { + "name": "http://getahead.ltd.uk/dwr/changelog", + "refsource": "CONFIRM", + "url": "http://getahead.ltd.uk/dwr/changelog" + }, + { + "name": "ADV-2007-0095", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0095" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "21955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21955" + }, + { + "name": "dwr-include-exclude-security-bypass(31377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31377" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0394.json b/2007/0xxx/CVE-2007-0394.json index 5eaa51fa5df..b610a9a82b4 100644 --- a/2007/0xxx/CVE-2007-0394.json +++ b/2007/0xxx/CVE-2007-0394.json 
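Review bot: The rewritten file ends with `\ No newline at end of file`, so the trailing newline the old side had is dropped; the serializer should emit a final newline so line-based tools and later diffs stay clean. The `reference_data` array is also reordered with no visible sort key (the new order runs OSVDB, SECUNIA, CONFIRM, VUPEN, SUSE, BID, XF), while every entry appears unchanged in content. If the order is not deterministic, each regeneration will churn these records and hide real reference additions or removals from anyone auditing the feed, so a stable sort such as by `refsource` then `name` would help. The same two points apply to the other file hunks in this diff.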
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070118 Multiple OS kernel insecure handling of stdio file descriptor", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457279/100/0/threaded" - }, - { - "name" : "20070118 Re: Multiple OS kernel insecure handling of stdio file descriptor", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457315/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges 
by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070118 Multiple OS kernel insecure handling of stdio file descriptor", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457279/100/0/threaded" + }, + { + "name": "20070118 Re: Multiple OS kernel insecure handling of stdio file descriptor", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457315/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0522.json b/2007/0xxx/CVE-2007-0522.json index 004e6c9bf00..7edbf06d21a 100644 --- a/2007/0xxx/CVE-2007-0522.json +++ b/2007/0xxx/CVE-2007-0522.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070123 Bluetooth DoS by obex push", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457768/100/0/threaded" - }, - { - "name" : "20070123 Re: Bluetooth DoS by obex push [readable]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/457797/100/0/threaded" - }, - { - "name" : "2180", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and 
UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2180", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2180" + }, + { + "name": "20070123 Re: Bluetooth DoS by obex push [readable]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457797/100/0/threaded" + }, + { + "name": "20070123 Bluetooth DoS by obex push", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/457768/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1002.json b/2007/1xxx/CVE-2007-1002.json index cee810432cc..4a56e95c1aa 100644 --- a/2007/1xxx/CVE-2007-1002.json +++ b/2007/1xxx/CVE-2007-1002.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-1002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/463406/100/0/threaded" - }, - { - "name" : "20070405 FLEA-2007-0010-1: evolution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464820/30/7170/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2007-44/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-44/advisory/" - }, - { - "name" : "DSA-1325", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2007/dsa-1325" - }, - { - "name" : "GLSA-200706-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200706-02.xml" - }, - { - "name" : "MDKSA-2007:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:070" - }, - { - "name" : "RHSA-2007:0158", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2007-0158.html" - }, - { - "name" : "SUSE-SR:2007:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html" - }, - { - "name" : "USN-442-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-442-1" - }, - { - "name" : "23073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23073" - }, - { - "name" : "oval:org.mitre.oval:def:10100", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10100" - }, - { - "name" : "ADV-2007-1058", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1058" - }, - { - "name" : "1017808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017808" - }, - { - "name" : "24234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24234" - }, - { - "name" : "24651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24651" - }, - { - "name" : "24668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24668" - }, - { - "name" : "25102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25102" - }, - { - "name" : "25551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25551" - }, - { - "name" : "25880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25880" - }, - { - "name" : "evolution-writehtml-format-string(33106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33106" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24651" + }, + { + "name": "RHSA-2007:0158", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2007-0158.html" + }, + { + "name": "1017808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017808" + }, + { + "name": "GLSA-200706-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200706-02.xml" + }, + { + "name": "23073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23073" + }, + { + "name": "25880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25880" + }, + { + "name": "20070405 FLEA-2007-0010-1: evolution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464820/30/7170/threaded" + }, + { + "name": "DSA-1325", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1325" + }, + { + "name": "evolution-writehtml-format-string(33106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33106" + }, + { + "name": "20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/463406/100/0/threaded" + }, + { + "name": "24234", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/24234" + }, + { + "name": "oval:org.mitre.oval:def:10100", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10100" + }, + { + "name": "http://secunia.com/secunia_research/2007-44/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-44/advisory/" + }, + { + "name": "USN-442-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-442-1" + }, + { + "name": "25102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25102" + }, + { + "name": "MDKSA-2007:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:070" + }, + { + "name": "ADV-2007-1058", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1058" + }, + { + "name": "25551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25551" + }, + { + "name": "SUSE-SR:2007:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html" + }, + { + "name": "24668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24668" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1360.json b/2007/1xxx/CVE-2007-1360.json index f2cb6ba292a..6993631c0a4 100644 --- a/2007/1xxx/CVE-2007-1360.json +++ b/2007/1xxx/CVE-2007-1360.json 
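Review bot: In CVE-2007-1002.json the assigner value changes from `"ASSIGNER" : "cve@mitre.org"` to `"ASSIGNER": "secalert@redhat.com"`, and it appears to be the only data value in this hunk that differs rather than being re-spaced or re-ordered. Buried in a 157-line whitespace rewrite, it is easy to miss, and consumers that attribute or filter records by assigner will see this record change ownership. The commit description is not visible here; if it does not mention the reassignment, it should say so, or the value change should go in its own commit so the formatting pass can be verified as content-neutral.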
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/125324", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/125324" - }, - { - "name" : "22853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22853" - }, - { - "name" : "ADV-2007-0855", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0855" - }, - { - "name" : "33911", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/33911" - }, - { - "name" : "24372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24372" - }, - { - "name" : "nodefamily-url-security-bypass(32873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32873" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0855", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0855" + }, + { + "name": "22853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22853" + }, + { + "name": "nodefamily-url-security-bypass(32873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32873" + }, + { + "name": "http://drupal.org/node/125324", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/125324" + }, + { + "name": "24372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24372" + }, + { + "name": "33911", + "refsource": "OSVDB", + "url": "http://osvdb.org/33911" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3134.json b/2007/3xxx/CVE-2007-3134.json index 164c24abd1f..81fe8d73830 100644 --- a/2007/3xxx/CVE-2007-3134.json +++ b/2007/3xxx/CVE-2007-3134.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using \"Approve Comments.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=186464&release_id=514101", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=186464&release_id=514101" - }, - { - "name" : "37046", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37046" - }, - { - "name" : "25562", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25562" - }, - { - "name" : "atom-photoblog-atomphotoblog-xss(34767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using \"Approve Comments.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "atom-photoblog-atomphotoblog-xss(34767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34767" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=186464&release_id=514101", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?group_id=186464&release_id=514101" + }, + { + "name": "25562", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25562" + }, + { + "name": "37046", + "refsource": "OSVDB", + "url": "http://osvdb.org/37046" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3411.json b/2007/3xxx/CVE-2007-3411.json index 5577976a7b9..f105e75c8d3 100644 --- a/2007/3xxx/CVE-2007-3411.json +++ b/2007/3xxx/CVE-2007-3411.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels-team.blogspot.com/2007/06/clickgallery-server-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels-team.blogspot.com/2007/06/clickgallery-server-vuln.html" - }, - { - "name" : "36370", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36370" - }, - { - "name" : "25805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25805" - }, - { - "name" : "clickgallery-editimage-sql-injection(35023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in edit_image.asp in 
ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clickgallery-editimage-sql-injection(35023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35023" + }, + { + "name": "25805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25805" + }, + { + "name": "36370", + "refsource": "OSVDB", + "url": "http://osvdb.org/36370" + }, + { + "name": "http://pridels-team.blogspot.com/2007/06/clickgallery-server-vuln.html", + "refsource": "MISC", + "url": "http://pridels-team.blogspot.com/2007/06/clickgallery-server-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3416.json b/2007/3xxx/CVE-2007-3416.json index 54fafcd28e0..30141c1ffcd 100644 --- a/2007/3xxx/CVE-2007-3416.json +++ b/2007/3xxx/CVE-2007-3416.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" - }, - { - "name" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" - }, - { - "name" : "20070628 Regarding Web-APP.org WebAPP CVE Entry Details", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-June/001687.html" - }, - { - "name" : "webapp-org-administration-csrf(35929)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webapp-org-administration-csrf(35929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35929" + }, + { + "name": "20070628 Regarding Web-APP.org WebAPP CVE Entry Details", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-June/001687.html" + }, + { + "name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" + }, + { + "name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", + "refsource": "CONFIRM", + "url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3488.json b/2007/3xxx/CVE-2007-3488.json index c08fb20d7b1..27cf5b3fd97 100644 --- a/2007/3xxx/CVE-2007-3488.json +++ b/2007/3xxx/CVE-2007-3488.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4120", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4120" - }, - { - "name" : "http://jvn.jp/en/jp/JVN16767117/041520/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN16767117/041520/index.html" - }, - { - "name" : "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml", - "refsource" : "CONFIRM", - "url" : "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml" - }, - { - "name" : "JVN#16767117", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN16767117/index.html" - }, - { - "name" : "JVNDB-2009-000012", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html" - }, - { - "name" : "24684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24684" - }, - { - "name" : "39479", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/39479" - }, - { - "name" : "sncp5-prmsetnetworkparam-bo(35133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and 
SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#16767117", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN16767117/index.html" + }, + { + "name": "sncp5-prmsetnetworkparam-bo(35133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35133" + }, + { + "name": "JVNDB-2009-000012", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html" + }, + { + "name": "4120", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4120" + }, + { + "name": "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml", + "refsource": "CONFIRM", + "url": "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml" + }, + { + "name": "39479", + "refsource": "OSVDB", + "url": "http://osvdb.org/39479" + }, + { + "name": "24684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24684" + }, + { + "name": "http://jvn.jp/en/jp/JVN16767117/041520/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN16767117/041520/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4098.json b/2007/4xxx/CVE-2007-4098.json index 9cd43a9cbe5..399864193f3 100644 --- a/2007/4xxx/CVE-2007-4098.json +++ b/2007/4xxx/CVE-2007-4098.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.1.2.15 does not properly distinguish \"streamids from different exits,\" which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20070723 Tor 0.1.2.15 is released", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jul-2007/msg00000.html" - }, - { - "name" : "25035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25035" - }, - { - "name" : "ADV-2007-2634", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2634" - }, - { - "name" : "46970", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46970" - }, - { - "name" : "26140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Tor before 0.1.2.15 does not properly distinguish \"streamids from different exits,\" which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25035" + }, + { + "name": "26140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26140" + }, + { + "name": "46970", + "refsource": "OSVDB", + "url": "http://osvdb.org/46970" + }, + { + "name": "ADV-2007-2634", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2634" + }, + { + "name": "[or-announce] 20070723 Tor 0.1.2.15 is released", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jul-2007/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4119.json b/2007/4xxx/CVE-2007-4119.json index cb5bd8bfae6..e1f0a5c49c7 100644 --- a/2007/4xxx/CVE-2007-4119.json +++ b/2007/4xxx/CVE-2007-4119.json 
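Review bot: The `reference_data` entries come back in a different order with no visible sort key (the old file led with the MLIST entry, the new one ends with it), and the closing `}` loses its trailing newline. As a result, a record whose five references are unchanged shows every line as modified. For anyone watching this feed for real content changes, such as a new reference or an edited description, that churn hides the edits that matter. If the exporter allows it, emit references in a stable order (for example sorted by `refsource`, then `name`) and end each file with a newline. Most of the other hunks on this page show the same reordering, and all of them carry the `\ No newline at end of file` marker.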
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070727 Berthanas Ziyaretci Defteri v2.0 (tr) Sql", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/474930/100/0/threaded" - }, - { - "name" : "25109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25109" - }, - { - "name" : "ADV-2007-2761", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2761" - }, - { - "name" : "26371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26371" - }, - { - "name" : "2943", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2943" - }, - { - "name" : "berthanas-yonetici-sql-injection(35684)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/35684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2761", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2761" + }, + { + "name": "2943", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2943" + }, + { + "name": "berthanas-yonetici-sql-injection(35684)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35684" + }, + { + "name": "26371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26371" + }, + { + "name": "25109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25109" + }, + { + "name": "20070727 Berthanas Ziyaretci Defteri v2.0 (tr) Sql", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/474930/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4234.json b/2007/4xxx/CVE-2007-4234.json index 5987e28cad9..4a829aa8767 100644 --- a/2007/4xxx/CVE-2007-4234.json +++ b/2007/4xxx/CVE-2007-4234.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/Changelog", - "refsource" : "MISC", - "url" : "http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/Changelog" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=721006", - "refsource" : "MISC", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=721006" - }, - { - "name" : "26319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26319" - }, - { - "name" : "cameralife-unspecified-security-bypass(35839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/Changelog", + "refsource": "MISC", + "url": "http://fdcl.svn.sourceforge.net/viewvc/*checkout*/fdcl/trunk/Changelog" + }, + { + "name": "26319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26319" + }, + { + "name": "cameralife-unspecified-security-bypass(35839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35839" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=721006", + "refsource": "MISC", + "url": "http://sourceforge.net/forum/forum.php?forum_id=721006" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4250.json b/2007/4xxx/CVE-2007-4250.json index 2c8f7b5fdb1..28a7cee42c1 100644 --- a/2007/4xxx/CVE-2007-4250.json +++ b/2007/4xxx/CVE-2007-4250.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070804 [ELEYTT] 4SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475534/100/0/threaded" - }, - { - "name" : "20070809 Re: [ELEYTT] 4SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475932/100/100/threaded" - }, - { - "name" : "20070809 vendor ACK - Advanced Searchbar - CVE-2007-4250", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-August/001756.html" - }, - { - "name" : "3004", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3004" - }, - { - "name" : "advancedsearchbar-ischecked-dos(35805)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35805" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070804 [ELEYTT] 4SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475534/100/0/threaded" + }, + { + "name": "advancedsearchbar-ischecked-dos(35805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35805" + }, + { + "name": "20070809 vendor ACK - Advanced Searchbar - CVE-2007-4250", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-August/001756.html" + }, + { + "name": "3004", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3004" + }, + { + "name": "20070809 Re: [ELEYTT] 4SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475932/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4462.json b/2007/4xxx/CVE-2007-4462.json index bbc3fc58769..7526dd803e7 100644 --- a/2007/4xxx/CVE-2007-4462.json +++ b/2007/4xxx/CVE-2007-4462.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=189440", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=189440" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253541", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253541" - }, - { - "name" : "http://alioth.debian.org/frs/shownotes.php?release_id=1019", - "refsource" : "CONFIRM", - "url" : "http://alioth.debian.org/frs/shownotes.php?release_id=1019" - }, - { - "name" : "GLSA-200709-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200709-04.xml" - }, - { - "name" : "25402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25402" - }, - { - "name" : "26492", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/26492" - }, - { - "name" : "26810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26810" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26492" + }, + { + "name": "GLSA-200709-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200709-04.xml" + }, + { + "name": "25402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25402" + }, + { + "name": "http://alioth.debian.org/frs/shownotes.php?release_id=1019", + "refsource": "CONFIRM", + "url": "http://alioth.debian.org/frs/shownotes.php?release_id=1019" + }, + { + "name": "26810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26810" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253541", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253541" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=189440", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=189440" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4700.json b/2007/4xxx/CVE-2007-4700.json index afd36f58a87..8dc00f0ae4c 100644 --- a/2007/4xxx/CVE-2007-4700.json +++ b/2007/4xxx/CVE-2007-4700.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307041", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307041" - }, - { - "name" : "APPLE-SA-2007-11-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" - }, - { - "name" : "TA07-319A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" - }, - { - "name" : "26444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26444" - }, - { - "name" : "ADV-2007-3868", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3868" - }, - { - "name" : "1018948", - "refsource" : "SECTRACK", - 
"url" : "http://securitytracker.com/id?1018948" - }, - { - "name" : "27643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27643" - }, - { - "name" : "macosx-webkit-safari-security-bypass(38486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26444" + }, + { + "name": "macosx-webkit-safari-security-bypass(38486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38486" + }, + { + "name": "APPLE-SA-2007-11-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307041", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307041" + }, + { + "name": "1018948", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018948" + }, + { + "name": "ADV-2007-3868", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3868" + }, + { + "name": "27643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27643" + }, + { + "name": "TA07-319A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/5xxx/CVE-2014-5166.json b/2014/5xxx/CVE-2014-5166.json index 069be22aab3..5aea4d1eb17 100644 --- a/2014/5xxx/CVE-2014-5166.json +++ b/2014/5xxx/CVE-2014-5166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5204.json b/2014/5xxx/CVE-2014-5204.json index 87d73851d41..cfdf93a3841 100644 --- a/2014/5xxx/CVE-2014-5204.json +++ b/2014/5xxx/CVE-2014-5204.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-5204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140813 Re: WordPress 3.9.2 release - needs CVE's", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/08/13/3" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/29384", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/29384" - }, - { - "name" : "https://wordpress.org/news/2014/08/wordpress-3-9-2/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2014/08/wordpress-3-9-2/" - }, - { - "name" : "DSA-3001", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3001" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3001", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3001" + }, + { + "name": "https://wordpress.org/news/2014/08/wordpress-3-9-2/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/" + }, + { + "name": "https://core.trac.wordpress.org/changeset/29384", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/29384" + }, + { + "name": "[oss-security] 20140813 Re: WordPress 3.9.2 release - needs CVE's", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/08/13/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2109.json b/2015/2xxx/CVE-2015-2109.json index 7f2549ff19b..629d59cf282 100644 --- a/2015/2xxx/CVE-2015-2109.json +++ b/2015/2xxx/CVE-2015-2109.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-2109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU03292", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607" - }, - { - "name" : "SSRT101981", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607" - }, - { - "name" : "73323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU03292", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607" + }, + { + "name": "SSRT101981", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607" + }, + { + "name": "73323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73323" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2422.json b/2015/2xxx/CVE-2015-2422.json index 8f727324931..ffe2cea3909 100644 --- a/2015/2xxx/CVE-2015-2422.json +++ b/2015/2xxx/CVE-2015-2422.json 
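Review bot: `ASSIGNER` changes from `cve@mitre.org` to `hp-security-alert@hp.com` in the middle of what otherwise reads as a whitespace-only rewrite, and the hunks for CVE-2015-2422 and CVE-2015-2472 do the same with `secure@microsoft.com`. This is a provenance change, not formatting: anything that attributes, filters or routes records by assigner will treat these three as re-owned. It deserves its own commit, or at least an explicit line in the commit message, so it is not lost among the reformatted lines. `vendor_name` and `product_name` remain `"n/a"` in all three records; whether they should now name the vendor is not something these hunks settle.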
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" - }, - { - "name" : "1032894", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka 
\"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032894", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032894" + }, + { + "name": "MS15-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2472.json b/2015/2xxx/CVE-2015-2472.json index 6680f2d3262..895aea492e0 100644 --- a/2015/2xxx/CVE-2015-2472.json +++ b/2015/2xxx/CVE-2015-2472.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka \"Remote Desktop Session Host Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-082", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082" - }, - { - "name" : "1033242", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote Desktop Session Host 
(RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka \"Remote Desktop Session Host Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-082", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082" + }, + { + "name": "1033242", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033242" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2679.json b/2015/2xxx/CVE-2015-2679.json index 453322d7c27..9927be36a5a 100644 --- a/2015/2xxx/CVE-2015-2679.json +++ b/2015/2xxx/CVE-2015-2679.json 
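Review bot: The one substantive edit in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org` in `CVE_data_meta`, is buried in a rewrite of all 67 lines that otherwise only changes whitespace. The same pattern appears in CVE-2015-2422 (`secure@microsoft.com`), CVE-2015-7277 (`cert@cert.org`) and CVE-2016-0661 (`secalert_us@oracle.com`), while the neighbouring records keep `cve@mitre.org`. Anything that attributes or filters records by assigner will presumably see these entries move, so I would list them in the commit description, for example `ASSIGNER changed: CVE-2015-2422, CVE-2015-2472, CVE-2015-7277, CVE-2016-0661`, or land the formatting pass as its own commit. Until then `git diff -w` is the practical way to review it.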
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36321", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/36321" - }, - { - "name" : "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php" - }, - { - "name" : "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17", - "refsource" : "CONFIRM", - "url" : "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17" 
- }, - { - "name" : "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16", - "refsource" : "CONFIRM", - "url" : "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16" - }, - { - "name" : "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815" - }, - { - "name" : "https://github.com/semplon/GeniXCMS/issues/7", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/7" - }, - { - "name" : "73297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73297" - }, - { - "name" : "119392", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/119392" - }, - { - "name" : "119393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/119393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16", + "refsource": "CONFIRM", + "url": "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16" + }, + { + "name": "119392", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/119392" + }, + { + "name": "https://github.com/semplon/GeniXCMS/issues/7", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/7" + }, + { + "name": "36321", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/36321" + }, + { + "name": "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815" + }, + { + "name": "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17", + "refsource": "CONFIRM", + "url": "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php" + }, + { + "name": "73297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73297" + }, + { + "name": "119393", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/119393" + }, + { + "name": "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2780.json b/2015/2xxx/CVE-2015-2780.json index 8c982e413b5..058f5b30c8c 100644 --- a/2015/2xxx/CVE-2015-2780.json +++ b/2015/2xxx/CVE-2015-2780.json 
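Review bot: The ten entries of `reference_data` come out in a different order on the new side although, as far as I can see, none of them is added, removed or edited, and the new order follows neither `name`, `refsource` nor `url`. The same shuffle shows up in CVE-2015-2422, CVE-2015-2780, CVE-2015-6828, CVE-2015-7277, CVE-2016-0349 and CVE-2016-0661. Array order carries no meaning for these records, but tooling that diffs them to spot a newly attached advisory or fix link gets churn on every rewrite. I would have the writer either preserve the input order or sort on one fixed key (for example `url`) before serializing, so that a later diff of `reference_data` shows only real additions and removals.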
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36520", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36520/" - }, - { - "name" : "20150326 Insecure file upload in Berta CMS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/155" - }, - { - "name" : "[oss-security] 20150328 Re: Fwd: Insecure file upload in Berta CMS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/03/28/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Berta CMS allows remote attackers to 
execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150326 Insecure file upload in Berta CMS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/155" + }, + { + "name": "36520", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36520/" + }, + { + "name": "[oss-security] 20150328 Re: Fwd: Insecure file upload in Berta CMS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/03/28/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6517.json b/2015/6xxx/CVE-2015-6517.json index 42dc63c2f70..8e33c02b2df 100644 --- a/2015/6xxx/CVE-2015-6517.json +++ b/2015/6xxx/CVE-2015-6517.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150705 phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535936/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132580/phpLiteAdmin-1.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132580/phpLiteAdmin-1.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to 
hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150705 phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535936/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132580/phpLiteAdmin-1.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132580/phpLiteAdmin-1.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6746.json b/2015/6xxx/CVE-2015-6746.json index 9a0e95f867a..257a2d71458 100644 --- a/2015/6xxx/CVE-2015-6746.json +++ b/2015/6xxx/CVE-2015-6746.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/120" - }, - { - "name" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html", - "refsource" : "MISC", - "url" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Basware Banking (Maksuliikenne) before 
8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/120" + }, + { + "name": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html", + "refsource": "MISC", + "url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6828.json b/2015/6xxx/CVE-2015-6828.json index 88c84790e3a..8094e9aada1 100644 --- a/2015/6xxx/CVE-2015-6828.json +++ b/2015/6xxx/CVE-2015-6828.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150905 Some Wordpress Plugin Stuff", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/05/4" - }, - { - "name" : "[oss-security] 20150906 Re: Some Wordpress Plugin Stuff (some, wordpress, stuff)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/06/3" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8179", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8179" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150906 Re: Some Wordpress Plugin Stuff (some, wordpress, stuff)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/06/3" + }, + { + "name": "[oss-security] 20150905 Some Wordpress Plugin Stuff", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/05/4" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8179", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8179" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6877.json b/2015/6xxx/CVE-2015-6877.json index 50ca1458f29..7dde023c576 100644 --- a/2015/6xxx/CVE-2015-6877.json +++ b/2015/6xxx/CVE-2015-6877.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6877", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6877", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7277.json b/2015/7xxx/CVE-2015-7277.json index f2dc0e4b58a..ef7ca0a50fc 100644 --- a/2015/7xxx/CVE-2015-7277.json +++ b/2015/7xxx/CVE-2015-7277.json 
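Review bot: This REJECT record is written with a different key order from the other files in the diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, whereas the PUBLIC records and the RESERVED record CVE-2015-7482 keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. CVE-2016-1000348 has the same layout, so it looks as if rejected entries pass through a second writer. A parser does not care, but byte-level comparison or hashing of records does; I would serialize every record with the same sorted-key setting. Separately, every file in this diff, this one included, now ends without a final newline (`\ No newline at end of file`); emitting a `\n` after the closing `}` would keep the last line out of future diffs.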
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#763576", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/763576" - }, - { - "name" : "78818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/78818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/78818" + }, + { + "name": "VU#763576", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/763576" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7482.json b/2015/7xxx/CVE-2015-7482.json index 6cb7faf7447..a59441d1f60 100644 --- a/2015/7xxx/CVE-2015-7482.json +++ b/2015/7xxx/CVE-2015-7482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0349.json b/2016/0xxx/CVE-2016-0349.json index 8346ac32895..d912b7d822b 100644 --- a/2016/0xxx/CVE-2016-0349.json +++ b/2016/0xxx/CVE-2016-0349.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981094", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21981094" - }, - { - "name" : "JR55701", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55701" - }, - { - "name" : "1036185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended 
access restrictions and update process-instance variables via a REST API call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036185" + }, + { + "name": "JR55701", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55701" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981094", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981094" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0661.json b/2016/0xxx/CVE-2016-0661.json index 8006f73310c..e87954c5048 100644 --- a/2016/0xxx/CVE-2016-0661.json +++ b/2016/0xxx/CVE-2016-0661.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "RHSA-2016:0705", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0705.html" - }, - { - "name" : "openSUSE-SU-2016:1332", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html" - }, - { - "name" : "USN-2953-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2953-1" - }, - { - "name" : "86511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/86511" - }, - { - "name" : "1035606", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1035606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035606" + }, + { + "name": "USN-2953-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2953-1" + }, + { + "name": "openSUSE-SU-2016:1332", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html" + }, + { + "name": "86511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/86511" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "RHSA-2016:0705", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0705.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000348.json b/2016/1000xxx/CVE-2016-1000348.json index 635cb49c233..859b69da013 100644 --- a/2016/1000xxx/CVE-2016-1000348.json +++ b/2016/1000xxx/CVE-2016-1000348.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000348", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10211. Reason: This candidate is a reservation duplicate of CVE-2016-10211. Notes: All CVE users should reference CVE-2016-10211 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-1000348", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10211. Reason: This candidate is a reservation duplicate of CVE-2016-10211. Notes: All CVE users should reference CVE-2016-10211 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10145.json b/2016/10xxx/CVE-2016-10145.json index 87ba52456b7..9428815fbf0 100644 --- a/2016/10xxx/CVE-2016-10145.json +++ b/2016/10xxx/CVE-2016-10145.json 
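Review bot: The new side of this record orders its keys differently from the other files in this part of the commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `"ID"` precedes `"ASSIGNER"`, whereas the neighbouring records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` and put `data_format` before `data_type`. Parsers ignore key order, but tools that diff, hash or sign these records do not, and a second layout suggests a different serializer wrote this file. Emitting it in the same order as the others, with `"ASSIGNER": "cve@mitre.org",` ahead of `"ID": "CVE-2016-1000348",`, would reduce this REJECT record's diff to the spacing change.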
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-10145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/16/6" - }, - { - "name" : "[oss-security] 20170116 Re: CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/17/5" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483" - }, - { - "name" : 
"https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9" - }, - { - "name" : "DSA-3799", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3799" - }, - { - "name" : "GLSA-201702-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-09" - }, - { - "name" : "95749", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170116 CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/16/6" + }, + { + "name": "GLSA-201702-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-09" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9" + }, + { + "name": "DSA-3799", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3799" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851483" + }, + { + "name": "[oss-security] 20170116 Re: 
CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/17/5" + }, + { + "name": "95749", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95749" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10246.json b/2016/10xxx/CVE-2016-10246.json index f16bc9e11f0..7e8d4e23eaa 100644 --- a/2016/10xxx/CVE-2016-10246.json +++ b/2016/10xxx/CVE-2016-10246.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-10246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: mupdf: mujstest: global-buffer-overflow in main (jstest_main.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/21" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-main-jstest_main-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-main-jstest_main-c/" - }, - { - "name" : "http://git.ghostscript.com/?p=mupdf.git;h=cfe8f35bca61056363368c343be36812abde0a06", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=mupdf.git;h=cfe8f35bca61056363368c343be36812abde0a06" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170313 Re: mupdf: mujstest: global-buffer-overflow in main (jstest_main.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/21" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-main-jstest_main-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-main-jstest_main-c/" + }, + { + "name": "http://git.ghostscript.com/?p=mupdf.git;h=cfe8f35bca61056363368c343be36812abde0a06", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=mupdf.git;h=cfe8f35bca61056363368c343be36812abde0a06" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1624.json b/2016/1xxx/CVE-2016-1624.json index 79db6fb7d99..74ae1b60fe9 100644 --- a/2016/1xxx/CVE-2016-1624.json +++ b/2016/1xxx/CVE-2016-1624.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=583607", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=583607" - }, - { - "name" : "https://codereview.chromium.org/1662313002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1662313002" - }, - { - "name" : "DSA-3486", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2016/dsa-3486" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2016:0241", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0241.html" - }, - { - "name" : "openSUSE-SU-2016:0518", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html" - }, - { - "name" : "openSUSE-SU-2016:0491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html" - }, - { - "name" : "USN-2895-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2895-1" - }, - { - "name" : "83125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83125" - }, - { - "name" : "1035183", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83125" + }, + { + "name": "https://codereview.chromium.org/1662313002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1662313002" + }, + { + "name": "1035183", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035183" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "openSUSE-SU-2016:0491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=583607", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=583607" + }, + { + "name": "USN-2895-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2895-1" + }, + { + "name": "openSUSE-SU-2016:0518", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html" + }, + { + "name": "DSA-3486", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3486" + }, + { + "name": "RHSA-2016:0241", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0241.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4116.json b/2016/4xxx/CVE-2016-4116.json index c90d8855bc2..062b42dc94c 100644 --- a/2016/4xxx/CVE-2016-4116.json +++ b/2016/4xxx/CVE-2016-4116.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2016-4116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" - }, - { - "name" : "MS16-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" - }, - { - "name" : "RHSA-2016:1079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1079.html" - }, - { - "name" : "SUSE-SU-2016:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" - }, - { - "name" : "1035827", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1035827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2016:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html" + }, + { + "name": "1035827", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035827" + }, + { + "name": "MS16-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" + }, + { + "name": "RHSA-2016:1079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4343.json b/2016/4xxx/CVE-2016-4343.json index 462eca28084..a0a56b47816 100644 --- a/2016/4xxx/CVE-2016-4343.json +++ b/2016/4xxx/CVE-2016-4343.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160428 [CVE Requests] PHP issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/28/2" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "MISC", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "MISC", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=71331", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=71331" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "openSUSE-SU-2016:1357", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html" - }, - { - "name" : "89179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "MISC", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/bug.php?id=71331", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=71331" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "MISC", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "[oss-security] 20160428 [CVE Requests] PHP issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/28/2" + }, + { + "name": "89179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89179" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" + }, + { + "name": "openSUSE-SU-2016:1357", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4525.json b/2016/4xxx/CVE-2016-4525.json index 255e6125ed5..fc63a454378 100644 --- a/2016/4xxx/CVE-2016-4525.json 
+++ b/2016/4xxx/CVE-2016-4525.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-4525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4922.json b/2016/4xxx/CVE-2016-4922.json index f2eb19057a1..9298200c61d 100644 --- a/2016/4xxx/CVE-2016-4922.json +++ b/2016/4xxx/CVE-2016-4922.json 
@@ -1,153 +1,153 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2016-10-12T09:00", - "ID" : "CVE-2016-4922", - "STATE" : "PUBLIC", - "TITLE" : "Junos: Privilege escalation vulnerabilities in Junos CLI" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "", - "version_value" : "11.4 prior to 11.4R13-S3" - }, - { - "platform" : "", - "version_value" : "12.1X46 prior to 12.1X46-D60" - }, - { - "platform" : "", - "version_value" : "12.1X47 prior to 12.1X47-D45" - }, - { - "platform" : "", - "version_value" : "12.3 prior to 12.3R12" - }, - { - "platform" : "", - "version_value" : "12.3X48 prior to 12.3X48-D35" - }, - { - "platform" : "", - "version_value" : "13.2 prior to 13.2R9" - }, - { - "platform" : "", - "version_value" : "13.3 prior to 13.3R4-S11, 13.3R9" - }, - { - "platform" : "", - "version_value" : "14.1 prior to 14.1R4-S12, 14.1R7" - }, - { - "platform" : "", - "version_value" : "14.1X53 prior to 14.1X53-D28, 14.1X53-D40" - }, - { - "platform" : "", - "version_value" : "14.1X55 prior to 14.1X55-D35" - }, - { - "platform" : "", - "version_value" : "14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5" - }, - { - "platform" : "", - "version_value" : "15.1 prior to 15.1F4, 15.1R3" - }, - { - "platform" : "", - "version_value" : "15.1X49 prior to 15.1X49-D60" - }, - { - "platform" : "", - "version_value" : "15.1X53 prior to 15.1X53-D57, 15.1X53-D70" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. 
This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70." - } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 8.4, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2016-10-12T09:00", + "ID": "CVE-2016-4922", + "STATE": "PUBLIC", + "TITLE": "Junos: Privilege escalation vulnerabilities in Junos CLI" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "", + "version_value": "11.4 prior to 11.4R13-S3" + }, + { + "platform": "", + "version_value": "12.1X46 prior to 12.1X46-D60" + }, + { + "platform": "", + "version_value": "12.1X47 prior to 12.1X47-D45" + }, + { + "platform": "", + "version_value": "12.3 prior to 12.3R12" + }, + { + "platform": "", + 
"version_value": "12.3X48 prior to 12.3X48-D35" + }, + { + "platform": "", + "version_value": "13.2 prior to 13.2R9" + }, + { + "platform": "", + "version_value": "13.3 prior to 13.3R4-S11, 13.3R9" + }, + { + "platform": "", + "version_value": "14.1 prior to 14.1R4-S12, 14.1R7" + }, + { + "platform": "", + "version_value": "14.1X53 prior to 14.1X53-D28, 14.1X53-D40" + }, + { + "platform": "", + "version_value": "14.1X55 prior to 14.1X55-D35" + }, + { + "platform": "", + "version_value": "14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5" + }, + { + "platform": "", + "version_value": "15.1 prior to 15.1F4, 15.1R3" + }, + { + "platform": "", + "version_value": "15.1X49 prior to 15.1X49-D60" + }, + { + "platform": "", + "version_value": "15.1X53 prior to 15.1X53-D57, 15.1X53-D70" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10763", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10763" - }, - { - "name" : "93534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93534" - }, - { - "name" : "1037013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037013" - } - ] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: 11.4R13-S3, 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R4-S11, 13.3R9, 14.1R4-S12, 14.1R7, 14.1X53-D28, 14.1X53-D40, 14.1X55-D35, 14.2R3-S10, 14.2R4-S7, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D57, 15.1X53-D70, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1027807, 1117227, and 1061973, and are visible on the Customer Support website.", - "work_around" : [ - { - "lang" : "eng", - "value" : "Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators." 
- } - ] -} + } + }, + "configuration": [], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70." 
+ } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10763", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10763" + }, + { + "name": "93534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93534" + }, + { + "name": "1037013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037013" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: 11.4R13-S3, 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R4-S11, 13.3R9, 14.1R4-S12, 14.1R7, 14.1X53-D28, 14.1X53-D40, 14.1X55-D35, 14.2R3-S10, 14.2R4-S7, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D57, 15.1X53-D70, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1027807, 1117227, and 1061973, and are visible on the Customer Support website.", + "work_around": [ + { + "lang": "eng", + "value": "Use access lists or firewall filters to limit access to the router's CLI only from trusted hosts. Restrict access to the CLI to only highly trusted administrators." + } + ] +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0853.json b/2019/0xxx/CVE-2019-0853.json index bac41d0264e..10026bb438b 100644 --- a/2019/0xxx/CVE-2019-0853.json +++ b/2019/0xxx/CVE-2019-0853.json 
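Review bot: `"privilegesRequired": "NONE"` in the `impact.cvss` block does not match the description, which says the flaw is reachable by "any user with permissions to run these CLI commands", that is, an account that can already use the CLI. The commit only re-spaces these lines, so the mismatch is carried over from the old side rather than introduced here. If the vendor advisory (JSA10763) confirms that an authenticated CLI user is needed, the record would read `"privilegesRequired": "LOW"` with `PR:L` in `vectorString`, and `baseScore` would need recomputing. That is the assigner's call, so it is better raised with them than edited locally. Separately, `"DATE_PUBLIC": "2016-10-12T09:00"` has no timezone, and each `"platform": ""` uses an empty string where omitting the key would be clearer.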
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-0853",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-0853",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3084.json b/2019/3xxx/CVE-2019-3084.json
index 9c7fd2b8d53..ec71d257108 100644
--- a/2019/3xxx/CVE-2019-3084.json
+++ b/2019/3xxx/CVE-2019-3084.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3084",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3084",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3189.json b/2019/3xxx/CVE-2019-3189.json
index c25f0c36cab..516ad0bf766 100644
--- a/2019/3xxx/CVE-2019-3189.json
+++ b/2019/3xxx/CVE-2019-3189.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3189",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3189",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3479.json b/2019/3xxx/CVE-2019-3479.json
index 1ad35d7fdc7..78263e28b71 100644
--- a/2019/3xxx/CVE-2019-3479.json
+++ b/2019/3xxx/CVE-2019-3479.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3479",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3479",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3575.json b/2019/3xxx/CVE-2019-3575.json
index 5334a347ac0..69d83d00884 100644
--- a/2019/3xxx/CVE-2019-3575.json
+++ b/2019/3xxx/CVE-2019-3575.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3575",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/schettino72/sqla_yaml_fixtures/issues/20",
- "refsource" : "MISC",
- "url" : "https://github.com/schettino72/sqla_yaml_fixtures/issues/20"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/schettino72/sqla_yaml_fixtures/issues/20",
+ "refsource": "MISC",
+ "url": "https://github.com/schettino72/sqla_yaml_fixtures/issues/20"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3870.json b/2019/3xxx/CVE-2019-3870.json
index 59867e4022e..6e4252f7c84 100644
--- a/2019/3xxx/CVE-2019-3870.json
+++ b/2019/3xxx/CVE-2019-3870.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3870",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3870",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4050.json b/2019/4xxx/CVE-2019-4050.json
index c59190e8d95..8c345c16170 100644
--- a/2019/4xxx/CVE-2019-4050.json
+++ b/2019/4xxx/CVE-2019-4050.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-4050",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-4050",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4091.json b/2019/4xxx/CVE-2019-4091.json
index 2f27e400cbd..6aebd089788 100644
--- a/2019/4xxx/CVE-2019-4091.json
+++ b/2019/4xxx/CVE-2019-4091.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-4091",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-4091",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4762.json b/2019/4xxx/CVE-2019-4762.json
index 2bd0b237294..e065cea823e 100644
--- a/2019/4xxx/CVE-2019-4762.json
+++ b/2019/4xxx/CVE-2019-4762.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-4762",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-4762",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/4xxx/CVE-2019-4873.json b/2019/4xxx/CVE-2019-4873.json
index 6e1381ce3e0..085e700052c 100644
--- a/2019/4xxx/CVE-2019-4873.json
+++ b/2019/4xxx/CVE-2019-4873.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-4873",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-4873",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6205.json b/2019/6xxx/CVE-2019-6205.json
index 0ab53de5f46..a5052cc006b 100644
--- a/2019/6xxx/CVE-2019-6205.json
+++ b/2019/6xxx/CVE-2019-6205.json
@@ -1,105 +1,105 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2019-6205",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "iOS",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "iOS 12.1.3"
- }
- ]
- }
- },
- {
- "product_name" : "macOS",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "macOS Mojave 10.14.3"
- }
- ]
- }
- },
- {
- "product_name" : "tvOS",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "tvOS 12.1.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apple"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "A malicious application may cause unexpected changes in memory shared between processes"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2019-6205",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "iOS 12.1.3"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "macOS Mojave 10.14.3"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "tvOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "tvOS 12.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apple"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "46299",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/46299/"
- },
- {
- "name" : "https://support.apple.com/HT209443",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT209443"
- },
- {
- "name" : "https://support.apple.com/HT209446",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT209446"
- },
- {
- "name" : "https://support.apple.com/HT209447",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT209447"
- },
- {
- "name" : "106695",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106695"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A malicious application may cause unexpected changes in memory shared between processes"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106695",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106695"
+ },
+ {
+ "name": "https://support.apple.com/HT209446",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT209446"
+ },
+ {
+ "name": "https://support.apple.com/HT209443",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT209443"
+ },
+ {
+ "name": "46299",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/46299/"
+ },
+ {
+ "name": "https://support.apple.com/HT209447",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT209447"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6805.json b/2019/6xxx/CVE-2019-6805.json
index 494d8a394a5..4b315cf2960 100644
--- a/2019/6xxx/CVE-2019-6805.json
+++ b/2019/6xxx/CVE-2019-6805.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6805",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6805",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/0FuzzingQ/vuln/blob/master/s-cms",
- "refsource" : "MISC",
- "url" : "https://github.com/0FuzzingQ/vuln/blob/master/s-cms"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/0FuzzingQ/vuln/blob/master/s-cms",
+ "refsource": "MISC",
+ "url": "https://github.com/0FuzzingQ/vuln/blob/master/s-cms"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7098.json b/2019/7xxx/CVE-2019-7098.json
index 573f39285bb..e8385e729d4 100644
--- a/2019/7xxx/CVE-2019-7098.json
+++ b/2019/7xxx/CVE-2019-7098.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7098",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7098",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7203.json b/2019/7xxx/CVE-2019-7203.json
index a0fb5430ac3..3fa87c4f2ae 100644
--- a/2019/7xxx/CVE-2019-7203.json
+++ b/2019/7xxx/CVE-2019-7203.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7203",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7203",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7379.json b/2019/7xxx/CVE-2019-7379.json
index f126ecb2edf..29f8e35a11c 100644
--- a/2019/7xxx/CVE-2019-7379.json
+++ b/2019/7xxx/CVE-2019-7379.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7379",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7379",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7399.json b/2019/7xxx/CVE-2019-7399.json
index fc8ed011031..264fa1ac18e 100644
--- a/2019/7xxx/CVE-2019-7399.json
+++ b/2019/7xxx/CVE-2019-7399.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7399",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for \"Terms of Use\" and Privacy pages."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7399",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/",
- "refsource" : "MISC",
- "url" : "https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/"
- },
- {
- "name" : "107025",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/107025"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for \"Terms of Use\" and Privacy pages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "107025",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/107025"
+ },
+ {
+ "name": "https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/",
+ "refsource": "MISC",
+ "url": "https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7401.json b/2019/7xxx/CVE-2019-7401.json
index 086b2cfaf09..32cae9dcb71 100644
--- a/2019/7xxx/CVE-2019-7401.json
+++ b/2019/7xxx/CVE-2019-7401.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7401",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7401",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://hg.nginx.org/unit/file/tip/CHANGES",
- "refsource" : "MISC",
- "url" : "http://hg.nginx.org/unit/file/tip/CHANGES"
- },
- {
- "name" : "http://mailman.nginx.org/pipermail/unit/2019-February/000113.html",
- "refsource" : "MISC",
- "url" : "http://mailman.nginx.org/pipermail/unit/2019-February/000113.html"
- },
- {
- "name" : "http://unit.nginx.org/CHANGES.txt",
- "refsource" : "MISC",
- "url" : "http://unit.nginx.org/CHANGES.txt"
- },
- {
- "name" : "106956",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106956"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://unit.nginx.org/CHANGES.txt",
+ "refsource": "MISC",
+ "url": "http://unit.nginx.org/CHANGES.txt"
+ },
+ {
+ "name": "http://mailman.nginx.org/pipermail/unit/2019-February/000113.html",
+ "refsource": "MISC",
+ "url": "http://mailman.nginx.org/pipermail/unit/2019-February/000113.html"
+ },
+ {
+ "name": "http://hg.nginx.org/unit/file/tip/CHANGES",
+ "refsource": "MISC",
+ "url": "http://hg.nginx.org/unit/file/tip/CHANGES"
+ },
+ {
+ "name": "106956",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106956"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8200.json b/2019/8xxx/CVE-2019-8200.json
index 218285d42f2..d28c37b56be 100644
--- a/2019/8xxx/CVE-2019-8200.json
+++ b/2019/8xxx/CVE-2019-8200.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-8200",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-8200",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8234.json b/2019/8xxx/CVE-2019-8234.json
index f243c73843c..b0503d2df83 100644
--- a/2019/8xxx/CVE-2019-8234.json
+++ b/2019/8xxx/CVE-2019-8234.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-8234",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-8234",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8322.json b/2019/8xxx/CVE-2019-8322.json
index 4b5f45454bc..483ea5a29cf 100644
--- a/2019/8xxx/CVE-2019-8322.json
+++ b/2019/8xxx/CVE-2019-8322.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-8322",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-8322",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8855.json b/2019/8xxx/CVE-2019-8855.json
index 2ed82140bfa..29842dfbe90 100644
--- a/2019/8xxx/CVE-2019-8855.json
+++ b/2019/8xxx/CVE-2019-8855.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-8855",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-8855",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9070.json b/2019/9xxx/CVE-2019-9070.json
index 1dc0e4596c2..1f89c843c4c 100644
--- a/2019/9xxx/CVE-2019-9070.json
+++ b/2019/9xxx/CVE-2019-9070.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-9070",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-9070",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395",
- "refsource" : "MISC",
- "url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395"
- },
- {
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24229",
- "refsource" : "MISC",
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24229"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20190314-0003/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20190314-0003/"
- },
- {
- "name" : "107147",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/107147"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395",
+ "refsource": "MISC",
+ "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395"
+ },
+ {
+ "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24229",
+ "refsource": "MISC",
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24229"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20190314-0003/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20190314-0003/"
+ },
+ {
+ "name": "107147",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/107147"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9754.json b/2019/9xxx/CVE-2019-9754.json
index 5316cfdd11e..af6b7797f9b 100644
--- a/2019/9xxx/CVE-2019-9754.json
+++ b/2019/9xxx/CVE-2019-9754.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-9754",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-9754",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html",
- "refsource" : "MISC",
- "url" : "https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html",
+ "refsource": "MISC",
+ "url": "https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9829.json b/2019/9xxx/CVE-2019-9829.json
index fe0aa24f8f2..79727a27b2a 100644
--- a/2019/9xxx/CVE-2019-9829.json
+++ b/2019/9xxx/CVE-2019-9829.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-9829",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-9829",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/guobaoyou/vul_environment/blob/master/maccms10_getshell/maccms10_getshell_en.md",
- "refsource" : "MISC",
- "url" : "https://github.com/guobaoyou/vul_environment/blob/master/maccms10_getshell/maccms10_getshell_en.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/guobaoyou/vul_environment/blob/master/maccms10_getshell/maccms10_getshell_en.md",
+ "refsource": "MISC",
+ "url": "https://github.com/guobaoyou/vul_environment/blob/master/maccms10_getshell/maccms10_getshell_en.md"
+ }
+ ]
+ }
+}
\ No newline at end of file