From 950b33d7d0c489ea4f5100ebd4d2e37f1c48155d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 22:15:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/2xxx/CVE-2007-2543.json | 170 +++++++++--------- 2007/3xxx/CVE-2007-3263.json | 170 +++++++++--------- 2007/3xxx/CVE-2007-3927.json | 200 ++++++++++----------- 2007/4xxx/CVE-2007-4159.json | 160 ++++++++--------- 2007/4xxx/CVE-2007-4357.json | 180 +++++++++---------- 2007/4xxx/CVE-2007-4780.json | 170 +++++++++--------- 2007/6xxx/CVE-2007-6035.json | 270 ++++++++++++++-------------- 2007/6xxx/CVE-2007-6188.json | 210 +++++++++++----------- 2007/6xxx/CVE-2007-6378.json | 190 ++++++++++---------- 2007/6xxx/CVE-2007-6451.json | 340 +++++++++++++++++------------------ 2007/6xxx/CVE-2007-6527.json | 150 ++++++++-------- 2010/1xxx/CVE-2010-1055.json | 180 +++++++++---------- 2010/1xxx/CVE-2010-1998.json | 180 +++++++++---------- 2010/5xxx/CVE-2010-5022.json | 130 +++++++------- 2014/0xxx/CVE-2014-0718.json | 120 ++++++------- 2014/1xxx/CVE-2014-1305.json | 150 ++++++++-------- 2014/1xxx/CVE-2014-1355.json | 170 +++++++++--------- 2014/1xxx/CVE-2014-1531.json | 340 +++++++++++++++++------------------ 2014/1xxx/CVE-2014-1905.json | 120 ++++++------- 2014/1xxx/CVE-2014-1916.json | 130 +++++++------- 2014/5xxx/CVE-2014-5552.json | 140 +++++++-------- 2014/5xxx/CVE-2014-5678.json | 140 +++++++-------- 2014/5xxx/CVE-2014-5816.json | 140 +++++++-------- 2014/5xxx/CVE-2014-5862.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2067.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2257.json | 34 ++-- 2015/2xxx/CVE-2015-2423.json | 170 +++++++++--------- 2015/2xxx/CVE-2015-2506.json | 140 +++++++-------- 2015/2xxx/CVE-2015-2539.json | 34 ++-- 2015/6xxx/CVE-2015-6821.json | 150 ++++++++-------- 2016/4xxx/CVE-2016-4043.json | 130 +++++++------- 2016/4xxx/CVE-2016-4065.json | 150 ++++++++-------- 2016/4xxx/CVE-2016-4352.json | 130 +++++++------- 2016/4xxx/CVE-2016-4359.json | 160 ++++++++--------- 2016/4xxx/CVE-2016-4703.json | 150 ++++++++-------- 2016/4xxx/CVE-2016-4802.json | 140 
+++++++-------- 2016/8xxx/CVE-2016-8366.json | 142 +++++++-------- 2016/8xxx/CVE-2016-8697.json | 150 ++++++++-------- 2016/9xxx/CVE-2016-9360.json | 140 +++++++-------- 2016/9xxx/CVE-2016-9464.json | 180 +++++++++---------- 2016/9xxx/CVE-2016-9545.json | 34 ++-- 2016/9xxx/CVE-2016-9821.json | 140 +++++++-------- 2019/2xxx/CVE-2019-2180.json | 34 ++-- 2019/2xxx/CVE-2019-2789.json | 34 ++-- 2019/2xxx/CVE-2019-2813.json | 34 ++-- 2019/2xxx/CVE-2019-2954.json | 34 ++-- 2019/3xxx/CVE-2019-3089.json | 34 ++-- 2019/3xxx/CVE-2019-3828.json | 34 ++-- 2019/3xxx/CVE-2019-3930.json | 34 ++-- 2019/3xxx/CVE-2019-3955.json | 34 ++-- 2019/6xxx/CVE-2019-6324.json | 34 ++-- 2019/6xxx/CVE-2019-6475.json | 34 ++-- 2019/6xxx/CVE-2019-6586.json | 34 ++-- 2019/6xxx/CVE-2019-6657.json | 34 ++-- 2019/6xxx/CVE-2019-6804.json | 140 +++++++-------- 2019/7xxx/CVE-2019-7219.json | 34 ++-- 2019/7xxx/CVE-2019-7432.json | 34 ++-- 2019/7xxx/CVE-2019-7820.json | 34 ++-- 2019/7xxx/CVE-2019-7911.json | 34 ++-- 2019/8xxx/CVE-2019-8653.json | 34 ++-- 60 files changed, 3661 insertions(+), 3661 deletions(-) diff --git a/2007/2xxx/CVE-2007-2543.json b/2007/2xxx/CVE-2007-2543.json index 7370bd8a458..7c8eed94c19 100644 --- a/2007/2xxx/CVE-2007-2543.json +++ b/2007/2xxx/CVE-2007-2543.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3849", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3849" - }, - { - "name" : "23820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23820" - }, - { - "name" : "ADV-2007-1668", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1668" - }, - { - "name" : "34472", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34472" - }, - { - "name" : "25155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25155" - }, - { - "name" : "xoops-flashgames-game-sql-injection(34076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xoops-flashgames-game-sql-injection(34076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34076" + }, + { + "name": "3849", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3849" + }, + { + "name": "23820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23820" + }, + { + "name": "ADV-2007-1668", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1668" + }, + { + "name": "25155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25155" + }, + { + "name": "34472", + "refsource": "OSVDB", + "url": "http://osvdb.org/34472" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3263.json b/2007/3xxx/CVE-2007-3263.json index 43f87e55e79..490a93e2441 100644 --- a/2007/3xxx/CVE-2007-3263.json +++ b/2007/3xxx/CVE-2007-3263.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to \"incorrect authorization on a remote interface to the SDO repository.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "24505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24505" - }, - { - "name" : "ADV-2007-2234", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2234" - }, - { - "name" : "41613", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/41613" - }, - { - "name" : "25704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25704" - }, - { - "name" : "websphere-messaging-security-bypass(34901)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/34901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to \"incorrect authorization on a remote interface to the SDO repository.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "websphere-messaging-security-bypass(34901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34901" + }, + { + "name": "25704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25704" + }, + { + "name": "ADV-2007-2234", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2234" + }, + { + "name": "24505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24505" + }, + { + "name": "41613", + "refsource": "OSVDB", + "url": "http://osvdb.org/41613" + } + ] + } +} \ No newline at end of file diff --git a/2007/3xxx/CVE-2007-3927.json b/2007/3xxx/CVE-2007-3927.json index 14e2c4e956b..bc687beca15 100644 --- a/2007/3xxx/CVE-2007-3927.json +++ b/2007/3xxx/CVE-2007-3927.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-3927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-3927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease", - "refsource" : "CONFIRM", - "url" : "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease" - }, - { - "name" : "24962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24962" - }, - { - "name" : "ADV-2007-2574", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2574" - }, - { - "name" : "45818", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45818" - }, - { - "name" : "45819", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45819" - }, - { - "name" : "1018421", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1018421" - }, - { - "name" : "26123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26123" - }, - { - "name" : "ipswitch-imail-imailsec-bo(35504)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504" - }, - { - "name" : "ipswitch-imail-subscribe-bo(35505)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to \"subscribe.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2574", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2574" + }, + { + "name": "24962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24962" + }, + { + "name": "ipswitch-imail-subscribe-bo(35505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35505" + }, + { + "name": "45819", + "refsource": "OSVDB", + "url": "http://osvdb.org/45819" + }, + { + "name": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease", + "refsource": "CONFIRM", + "url": "http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease" + }, + { + "name": "45818", + "refsource": "OSVDB", + "url": "http://osvdb.org/45818" + }, + { + "name": "1018421", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018421" + }, + { + "name": 
"ipswitch-imail-imailsec-bo(35504)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35504" + }, + { + "name": "26123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26123" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4159.json b/2007/4xxx/CVE-2007-4159.json index be44e4cf2ff..3ec1515c3a1 100644 --- a/2007/4xxx/CVE-2007-4159.json +++ b/2007/4xxx/CVE-2007-4159.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070730 Security Testing Enterprise Messaging Systems", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html" - }, - { - "name" : "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf" - }, - { - "name" : "ADV-2007-2814", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2814" - }, - { - "name" : "46993", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46993" - }, - { - "name" : "1018512", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1018512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1018512", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018512" + }, + { + "name": "20070730 Security Testing Enterprise Messaging Systems", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0620.html" + }, + { + "name": "46993", + "refsource": "OSVDB", + "url": "http://osvdb.org/46993" + }, + { + "name": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf", + "refsource": "MISC", + "url": "http://www.irmplc.com/content/pdfs/Security_Testing_Enterprise_Messaging_Systems.pdf" + }, + { + "name": "ADV-2007-2814", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2814" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4357.json b/2007/4xxx/CVE-2007-4357.json index 61a98d5ff51..b83ecb34d2c 100644 --- a/2007/4xxx/CVE-2007-4357.json +++ b/2007/4xxx/CVE-2007-4357.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070803 Re: [ELEYTT] 3SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475531/100/100/threaded" - }, - { - "name" : "20070803 [ELEYTT] 3SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475467/100/100/threaded" - }, - { - "name" : "20070804 Re:Re: [ELEYTT] 3SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475651/100/0/threaded" - }, - { - "name" : "20070806 Re: [ELEYTT] 3SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/475970/100/0/threaded" - 
}, - { - "name" : "20070809 Re:Re: [ELEYTT] 3SIERPIEN2007", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/476062/100/0/threaded" - }, - { - "name" : "http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing", - "refsource" : "MISC", - "url" : "http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing" - }, - { - "name" : "http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html", - "refsource" : "MISC", - "url" : "http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070803 Re: [ELEYTT] 3SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475531/100/100/threaded" + }, + { + "name": "20070803 [ELEYTT] 3SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475467/100/100/threaded" + }, + { + "name": "20070804 Re:Re: [ELEYTT] 3SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475651/100/0/threaded" + }, + { + "name": "http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing", + "refsource": "MISC", + "url": "http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing" + }, + { + "name": "20070809 Re:Re: [ELEYTT] 3SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/476062/100/0/threaded" + }, + { + "name": "20070806 Re: [ELEYTT] 3SIERPIEN2007", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/475970/100/0/threaded" + }, + { + "name": "http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html", + "refsource": "MISC", + "url": "http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html" + } + ] + } +} \ No newline at end of file diff --git a/2007/4xxx/CVE-2007-4780.json b/2007/4xxx/CVE-2007-4780.json index abaea277caa..521d8ffdfad 100644 --- a/2007/4xxx/CVE-2007-4780.json +++ b/2007/4xxx/CVE-2007-4780.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-4780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-4780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070903 Multiple vulnerabilities in Joomla 1.5 RC 1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478451/100/0/threaded" - }, - { - "name" : "http://www.joomla.org/content/view/3831/1/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/3831/1/" - }, - { - "name" : "25508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25508" - }, - { - "name" : "45875", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45875" - }, - { - "name" : "3108", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3108" - }, - { - "name" : "joomla-tmpl-information-disclosure(36426)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/36426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.joomla.org/content/view/3831/1/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/3831/1/" + }, + { + "name": "joomla-tmpl-information-disclosure(36426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36426" + }, + { + "name": "25508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25508" + }, + { + "name": "3108", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3108" + }, + { + "name": "20070903 Multiple vulnerabilities in Joomla 1.5 RC 1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478451/100/0/threaded" + }, + { + "name": "45875", + "refsource": "OSVDB", + "url": "http://osvdb.org/45875" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6035.json b/2007/6xxx/CVE-2007-6035.json index da7d71520de..a9fabad545c 100644 --- a/2007/6xxx/CVE-2007-6035.json +++ b/2007/6xxx/CVE-2007-6035.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199509", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199509" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_7a.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_7a.php" - }, - { - "name" : "DSA-1418", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1418" - }, - { - "name" : "FEDORA-2007-3683", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00794.html" - }, - { - "name" : "GLSA-200712-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-02.xml" - }, - { - "name" : "MDKSA-2007:231", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2007:231" - }, - { - "name" : "SUSE-SR:2007:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_24_sr.html" - }, - { - "name" : "26487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26487" - }, - { - "name" : "ADV-2007-3911", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3911" - }, - { - "name" : "1018982", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018982" - }, - { - "name" : "27719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27719" - }, - { - "name" : "27745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27745" - }, - { - "name" : "27891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27891" - }, - { - "name" : "27950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27950" - }, - { - "name" : "27756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27756" - }, - { - "name" : "cacti-graph-sql-injection(38559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199509", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199509" + }, + { + "name": "ADV-2007-3911", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3911" + }, + { + "name": "cacti-graph-sql-injection(38559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38559" + }, + { + "name": "27756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27756" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_7a.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_7a.php" + }, + { + "name": "DSA-1418", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1418" + }, + { + "name": "26487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26487" + }, + { + "name": "FEDORA-2007-3683", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00794.html" + }, + { + "name": "27891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27891" + }, + { + "name": "GLSA-200712-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-02.xml" + }, + { + "name": "27745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27745" + }, + { + "name": "27719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27719" + }, + { + "name": "SUSE-SR:2007:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html" + }, + { + "name": "27950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27950" + }, + { + "name": "1018982", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018982" + }, + { + 
"name": "MDKSA-2007:231", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:231" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6188.json b/2007/6xxx/CVE-2007-6188.json index 867d33dc9a2..4d1053181ab 100644 --- a/2007/6xxx/CVE-2007-6188.json +++ b/2007/6xxx/CVE-2007-6188.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4674", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4674" - }, - { - "name" : "26631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26631" - }, - { - "name" : "26632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26632" - }, - { - "name" : "42450", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42450" - }, - { - "name" : "42451", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42451" - }, - { - "name" : "42452", - "refsource" : "OSVDB", - 
"url" : "http://osvdb.org/42452" - }, - { - "name" : "42453", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42453" - }, - { - "name" : "27866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27866" - }, - { - "name" : "tumusika-language-directory-traversal(38720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38720" - }, - { - "name" : "tumusika-scdownload-directory-traversal(38719)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42451", + "refsource": "OSVDB", + "url": "http://osvdb.org/42451" + }, + { + "name": "tumusika-language-directory-traversal(38720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38720" + }, + { + "name": "42450", + "refsource": "OSVDB", + "url": "http://osvdb.org/42450" + }, + { + "name": "27866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27866" + }, + { + "name": "42452", + "refsource": "OSVDB", + "url": "http://osvdb.org/42452" + }, + { + "name": "26631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26631" + }, + { + "name": "26632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26632" + }, + { + "name": "4674", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4674" + }, + { + "name": "42453", + "refsource": "OSVDB", + "url": "http://osvdb.org/42453" + }, + { + "name": "tumusika-scdownload-directory-traversal(38719)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38719" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6378.json b/2007/6xxx/CVE-2007-6378.json index 8a30ac007d7..5e5295475a7 100644 --- a/2007/6xxx/CVE-2007-6378.json +++ b/2007/6xxx/CVE-2007-6378.json 
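Review bot: The `reference_data` entries in this hunk are only reshuffled (the same ten name/refsource/url triples appear on both sides) on top of a whole-file reformat from `"key" : value` to `"key": value`, so all 107 lines are replaced without any change to the record's content. That churn hides the few real changes in later hunks: CVE-2007-6451, CVE-2014-0718 and CVE-2014-1305 each move `ASSIGNER` away from `cve@mitre.org` (to `secalert@redhat.com`, `psirt@cisco.com` and `product-security@apple.com`), a provenance field that feed consumers may key on. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep these sync diffs reviewable; until then, audits of such updates are more reliable when they compare parsed JSON rather than text. The new side also ends with `\ No newline at end of file`, where the old side had a final newline; keeping it is the usual convention for tracked files.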
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071210 Multiple vulnerabilities in BadBlue 2.72b", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/484834/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/badblue-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/badblue-adv.txt" - }, - { - "name" : "http://aluigi.org/testz/myhttpup.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/testz/myhttpup.zip" - }, - { - "name" : "26803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26803" - }, - { - "name" : "ADV-2007-4160", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/4160" - }, - { - "name" : "42417", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/42417" - }, - { - "name" : "28031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28031" - }, - { - "name" : "3448", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3448", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3448" + }, + { + "name": "28031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28031" + }, + { + "name": "42417", + "refsource": "OSVDB", + "url": "http://osvdb.org/42417" + }, + { + "name": "26803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26803" + }, + { + "name": "20071210 Multiple vulnerabilities in BadBlue 2.72b", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/484834/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/badblue-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/badblue-adv.txt" + }, + { + "name": "ADV-2007-4160", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/4160" + }, + { + "name": "http://aluigi.org/testz/myhttpup.zip", + "refsource": "MISC", + "url": "http://aluigi.org/testz/myhttpup.zip" + } + ] + } +} \ No newline at end of file diff --git a/2007/6xxx/CVE-2007-6451.json b/2007/6xxx/CVE-2007-6451.json index 9bdc44d1aaf..f2d49559aa7 100644 --- a/2007/6xxx/CVE-2007-6451.json +++ b/2007/6xxx/CVE-2007-6451.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2007-6451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080103 rPSA-2008-0004-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485792/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=199958", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=199958" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2007-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" - }, - { - "name" : 
"https://issues.rpath.com/browse/RPL-1975", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1975" - }, - { - "name" : "DSA-1446", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1446" - }, - { - "name" : "GLSA-200712-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200712-23.xml" - }, - { - "name" : "MDVSA-2008:001", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" - }, - { - "name" : "MDVSA-2008:1", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" - }, - { - "name" : "RHSA-2008:0058", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0058.html" - }, - { - "name" : "RHSA-2008:0059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html" - }, - { - "name" : "SUSE-SR:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" - }, - { - "name" : "27071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27071" - }, - { - "name" : "oval:org.mitre.oval:def:9685", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9685" - }, - { - "name" : "28288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28288" - }, - { - "name" : "28315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28315" - }, - { - "name" : "27777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27777" - }, - { - "name" : "28304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28304" - }, - { - "name" : "28325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28325" - }, - { - "name" : "28564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28564" - }, - { - "name" : "28583", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28583" - }, - { - "name" : "29048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29048" - }, - { - "name" : "wireshark-cip-dissector-dos(39187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27777" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1975", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1975" + }, + { + "name": "29048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29048" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2007-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2007-03.html" + }, + { + "name": "28564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28564" + }, + { + "name": "20080103 rPSA-2008-0004-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485792/100/0/threaded" + }, + { + "name": "GLSA-200712-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200712-23.xml" + }, + { + "name": "RHSA-2008:0059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html" + }, + { + "name": "28304", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/28304" + }, + { + "name": "28325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28325" + }, + { + "name": "MDVSA-2008:1", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:1" + }, + { + "name": "wireshark-cip-dissector-dos(39187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39187" + }, + { + "name": "MDVSA-2008:001", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:001" + }, + { + "name": "RHSA-2008:0058", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0058.html" + }, + { + "name": "SUSE-SR:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=199958", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=199958" + }, + { + "name": "28315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28315" + }, + { + "name": "28583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28583" + }, + { + "name": "27071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27071" + }, + { + "name": "28288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28288" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004" + }, + { + "name": "oval:org.mitre.oval:def:9685", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9685" + }, + { + "name": "DSA-1446", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1446" + } + ] + } +} \ No newline at end of file 
diff --git a/2007/6xxx/CVE-2007-6527.json b/2007/6xxx/CVE-2007-6527.json index bda7cb846f3..64f1135ecd2 100644 --- a/2007/6xxx/CVE-2007-6527.json +++ b/2007/6xxx/CVE-2007-6527.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-6527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-6527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf", - "refsource" : "MISC", - "url" : "http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf" - }, - { - "name" : "42809", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42809" - }, - { - "name" : "28138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28138" - }, - { - "name" : "punbb-uploadimg-file-upload(39150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28138" + }, + { + "name": "http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf", + "refsource": "MISC", + "url": "http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf" + }, + { + "name": "punbb-uploadimg-file-upload(39150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39150" + }, + { + "name": "42809", + "refsource": "OSVDB", + "url": "http://osvdb.org/42809" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1055.json b/2010/1xxx/CVE-2010-1055.json index d90e616fb44..b1d38c51572 100644 --- a/2010/1xxx/CVE-2010-1055.json +++ b/2010/1xxx/CVE-2010-1055.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html", - "refsource" : "MISC", - "url" : "http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html" - }, - { - "name" : "11755", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11755" - }, - { - "name" : "38738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38738" - }, - { - "name" : "63005", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63005" - }, - { - "name" : "63006", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63006" - }, 
- { - "name" : "38943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38943" - }, - { - "name" : "osdate-adminlogin-file-include(56909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html", + "refsource": "MISC", + "url": "http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html" + }, + { + "name": "38943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38943" + }, + { + "name": "63005", + "refsource": "OSVDB", + "url": "http://osvdb.org/63005" + }, + { + "name": "11755", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11755" + }, + { + "name": "63006", + "refsource": "OSVDB", + "url": "http://osvdb.org/63006" + }, + { + "name": "38738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38738" + }, + { + "name": "osdate-adminlogin-file-include(56909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56909" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1998.json b/2010/1xxx/CVE-2010-1998.json index 4239821306f..d3ae2f7f56d 100644 --- a/2010/1xxx/CVE-2010-1998.json 
+++ b/2010/1xxx/CVE-2010-1998.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-1998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/790364", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/790364" - }, - { - "name" : "http://drupal.org/node/790998", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/790998" - }, - { - "name" : "39954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39954" - }, - { - "name" : "64358", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/64358" - }, - { - "name" : "39644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39644" - }, - { - "name" : "ADV-2010-1080", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1080" - }, - { - "name" : 
"ccktablefield-tableheaders-xss(58353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/790364", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/790364" + }, + { + "name": "ccktablefield-tableheaders-xss(58353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58353" + }, + { + "name": "http://drupal.org/node/790998", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/790998" + }, + { + "name": "64358", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/64358" + }, + { + "name": "39954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39954" + }, + { + "name": "ADV-2010-1080", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1080" + }, + { + "name": "39644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39644" + } + ] + } +} \ No newline at end of file diff --git a/2010/5xxx/CVE-2010-5022.json b/2010/5xxx/CVE-2010-5022.json index f2203aefb79..7a1b2cdffa6 100644 --- a/2010/5xxx/CVE-2010-5022.json +++ b/2010/5xxx/CVE-2010-5022.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-5022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-5022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14054", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14054" - }, - { - "name" : "41171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41171" + }, + { + "name": "14054", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14054" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0718.json b/2014/0xxx/CVE-2014-0718.json index c5b4b00ddc5..91606da0df3 100644 --- a/2014/0xxx/CVE-2014-0718.json +++ b/2014/0xxx/CVE-2014-0718.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-0718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140219 Multiple Vulnerabilities in Cisco IPS Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140219 Multiple Vulnerabilities in Cisco IPS Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" + } + ] + } +} \ No newline at end of file diff --git a/2014/1xxx/CVE-2014-1305.json b/2014/1xxx/CVE-2014-1305.json index 14352f26dd8..95b6b99f958 100644 --- a/2014/1xxx/CVE-2014-1305.json +++ b/2014/1xxx/CVE-2014-1305.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1305",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2014-1305",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/kb/HT6537",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/kb/HT6537"
- },
- {
- "name" : "APPLE-SA-2014-04-01-1",
- "refsource" : "APPLE",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
- },
- {
- "name" : "APPLE-SA-2014-04-22-2",
- "refsource" : "APPLE",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
- },
- {
- "name" : "APPLE-SA-2014-04-22-3",
- "refsource" : "APPLE",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "APPLE-SA-2014-04-22-2",
+ "refsource": "APPLE",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
+ },
+ {
+ "name": "https://support.apple.com/kb/HT6537",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/kb/HT6537"
+ },
+ {
+ "name": "APPLE-SA-2014-04-22-3",
+ "refsource": "APPLE",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
+ },
+ {
+ "name": "APPLE-SA-2014-04-01-1",
+ "refsource": "APPLE",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1355.json b/2014/1xxx/CVE-2014-1355.json
index 77deb060cf3..66d9b1aa941 100644
--- a/2014/1xxx/CVE-2014-1355.json
+++ b/2014/1xxx/CVE-2014-1355.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1355",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2014-1355",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.apple.com/kb/HT6296",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT6296"
- },
- {
- "name" : "APPLE-SA-2014-06-30-2",
- "refsource" : "APPLE",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
- },
- {
- "name" : "APPLE-SA-2014-06-30-3",
- "refsource" : "APPLE",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
- },
- {
- "name" : "APPLE-SA-2014-06-30-4",
- "refsource" : "APPLE",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
- },
- {
- "name" : "1030500",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030500"
- },
- {
- "name" : "59475",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/59475"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://support.apple.com/kb/HT6296",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT6296"
+ },
+ {
+ "name": "APPLE-SA-2014-06-30-2",
+ "refsource": "APPLE",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
+ },
+ {
+ "name": "APPLE-SA-2014-06-30-4",
+ "refsource": "APPLE",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
+ },
+ {
+ "name": "APPLE-SA-2014-06-30-3",
+ "refsource": "APPLE",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
+ },
+ {
+ "name": "59475",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/59475"
+ },
+ {
+ "name": "1030500",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030500"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1531.json b/2014/1xxx/CVE-2014-1531.json
index a91710b83b9..95808087d61 100644
--- a/2014/1xxx/CVE-2014-1531.json
+++ b/2014/1xxx/CVE-2014-1531.json
@@ -1,172 +1,172 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1531",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2014-1531",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=987140",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=987140"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
- },
- {
- "name" : "DSA-2918",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-2918"
- },
- {
- "name" : "DSA-2924",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-2924"
- },
- {
- "name" : "FEDORA-2014-5829",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
- },
- {
- "name" : "FEDORA-2014-5833",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
- },
- {
- "name" : "GLSA-201504-01",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201504-01"
- },
- {
- "name" : "RHSA-2014:0448",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-0448.html"
- },
- {
- "name" : "RHSA-2014:0449",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-0449.html"
- },
- {
- "name" : "SUSE-SU-2014:0665",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
- },
- {
- "name" : "openSUSE-SU-2014:0602",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html"
- },
- {
- "name" : "openSUSE-SU-2014:0640",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html"
- },
- {
- "name" : "openSUSE-SU-2014:0599",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
- },
- {
- "name" : "openSUSE-SU-2014:0629",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
- },
- {
- "name" : "SUSE-SU-2014:0727",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
- },
- {
- "name" : "USN-2189-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2189-1"
- },
- {
- "name" : "USN-2185-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2185-1"
- },
- {
- "name" : "67134",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/67134"
- },
- {
- "name" : "1030163",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030163"
- },
- {
- "name" : "1030164",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030164"
- },
- {
- "name" : "1030165",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030165"
- },
- {
- "name" : "59866",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/59866"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2014:0448",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0448.html"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=987140",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=987140"
+ },
+ {
+ "name": "FEDORA-2014-5833",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html"
+ },
+ {
+ "name": "openSUSE-SU-2014:0602",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html"
+ },
+ {
+ "name": "openSUSE-SU-2014:0599",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
+ },
+ {
+ "name": "openSUSE-SU-2014:0629",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
+ },
+ {
+ "name": "SUSE-SU-2014:0727",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
+ },
+ {
+ "name": "GLSA-201504-01",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201504-01"
+ },
+ {
+ "name": "1030165",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030165"
+ },
+ {
+ "name": "59866",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/59866"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
+ },
+ {
+ "name": "openSUSE-SU-2014:0640",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html"
+ },
+ {
+ "name": "USN-2189-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2189-1"
+ },
+ {
+ "name": "RHSA-2014:0449",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0449.html"
+ },
+ {
+ "name": "SUSE-SU-2014:0665",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
+ },
+ {
+ "name": "DSA-2918",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-2918"
+ },
+ {
+ "name": "DSA-2924",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-2924"
+ },
+ {
+ "name": "USN-2185-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2185-1"
+ },
+ {
+ "name": "67134",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/67134"
+ },
+ {
+ "name": "1030164",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030164"
+ },
+ {
+ "name": "1030163",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030163"
+ },
+ {
+ "name": "FEDORA-2014-5829",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1905.json b/2014/1xxx/CVE-2014-1905.json
index c9c2134e483..55f6fdca1ce 100644
--- a/2014/1xxx/CVE-2014-1905.json
+++ b/2014/1xxx/CVE-2014-1905.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1905",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-1905",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.htbridge.com/advisory/HTB23199",
- "refsource" : "MISC",
- "url" : "https://www.htbridge.com/advisory/HTB23199"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.htbridge.com/advisory/HTB23199",
+ "refsource": "MISC",
+ "url": "https://www.htbridge.com/advisory/HTB23199"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/1xxx/CVE-2014-1916.json b/2014/1xxx/CVE-2014-1916.json
index 2c7bba4ecee..e7b57792d18 100644
--- a/2014/1xxx/CVE-2014-1916.json
+++ b/2014/1xxx/CVE-2014-1916.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-1916",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-1916",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://mumble.info/security/Mumble-SA-2014-003.txt",
- "refsource" : "CONFIRM",
- "url" : "http://mumble.info/security/Mumble-SA-2014-003.txt"
- },
- {
- "name" : "102957",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/102957"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "102957",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/102957"
+ },
+ {
+ "name": "http://mumble.info/security/Mumble-SA-2014-003.txt",
+ "refsource": "CONFIRM",
+ "url": "http://mumble.info/security/Mumble-SA-2014-003.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/5xxx/CVE-2014-5552.json b/2014/5xxx/CVE-2014-5552.json
index ff4596c33a5..af9682be8e0 100644
--- a/2014/5xxx/CVE-2014-5552.json
+++ b/2014/5xxx/CVE-2014-5552.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-5552",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-5552",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- },
- {
- "name" : "VU#734473",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/734473"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#734473",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/734473"
+ },
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/5xxx/CVE-2014-5678.json b/2014/5xxx/CVE-2014-5678.json
index 6c68535f6e9..41194b62db6 100644
--- a/2014/5xxx/CVE-2014-5678.json
+++ b/2014/5xxx/CVE-2014-5678.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-5678",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-5678",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- },
- {
- "name" : "VU#921209",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/921209"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#921209",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/921209"
+ },
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/5xxx/CVE-2014-5816.json b/2014/5xxx/CVE-2014-5816.json
index 4b7e3f7e9d0..8a3c8647db4 100644
--- a/2014/5xxx/CVE-2014-5816.json
+++ b/2014/5xxx/CVE-2014-5816.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-5816",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-5816",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#356337",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/356337"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#356337",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/356337"
+ },
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/5xxx/CVE-2014-5862.json b/2014/5xxx/CVE-2014-5862.json
index 943eaf8cd03..d9301cde99c 100644
--- a/2014/5xxx/CVE-2014-5862.json
+++ b/2014/5xxx/CVE-2014-5862.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-5862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-5862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#184297", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/184297" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ecalendar2 (aka cn.etouch.ecalendar2) 
application 4.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#184297", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/184297" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2067.json b/2015/2xxx/CVE-2015-2067.json index f0ff39ffc6f..5842eb10639 100644 --- a/2015/2xxx/CVE-2015-2067.json +++ b/2015/2xxx/CVE-2015-2067.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35996", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35996" - }, - { - "name" : "http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html" - }, - { - "name" : "74881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in web/ajax_pluginconf.php 
in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html" + }, + { + "name": "35996", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35996" + }, + { + "name": "74881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74881" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2257.json b/2015/2xxx/CVE-2015-2257.json index a1ee6253176..4ca451a3f36 100644 --- a/2015/2xxx/CVE-2015-2257.json +++ b/2015/2xxx/CVE-2015-2257.json 
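Review bot: The new side of this file ends on `}` with no final newline, as the `\ No newline at end of file` marker after the last added line shows, whereas the old side ended with one. Having the sync writer emit a trailing newline after the closing brace keeps the records as well-formed text files and avoids a spurious last-line change the next time another tool rewrites them. Every file section visible in this part of the commit has the same marker. The rest of this hunk is a whitespace change plus a reordering of the three `reference_data` entries, with no value changed.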
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-2257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2423.json b/2015/2xxx/CVE-2015-2423.json index 515ea1bb813..121f856d604 100644 --- a/2015/2xxx/CVE-2015-2423.json +++ b/2015/2xxx/CVE-2015-2423.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Unsafe Command Line Parameter Passing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" - 
}, - { - "name" : "MS15-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081" - }, - { - "name" : "MS15-088", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088" - }, - { - "name" : "1033248", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033248" - }, - { - "name" : "1033237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033237" - }, - { - "name" : "1033239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka \"Unsafe Command Line Parameter Passing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081" + }, + { + "name": "1033237", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1033237" + }, + { + "name": "MS15-088", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088" + }, + { + "name": "1033248", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033248" + }, + { + "name": "MS15-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079" + }, + { + "name": "1033239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033239" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2506.json b/2015/2xxx/CVE-2015-2506.json index 620b91ed460..d57ed656879 100644 --- a/2015/2xxx/CVE-2015-2506.json +++ b/2015/2xxx/CVE-2015-2506.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-2506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097" - }, - { - "name" : "76563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76563" - }, - { - "name" : "1033485", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "atmfd.dll in the Adobe Type Manager 
Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka \"OpenType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033485", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033485" + }, + { + "name": "76563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76563" + }, + { + "name": "MS15-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097" + } + ] + } +} \ No newline at end of file diff --git a/2015/2xxx/CVE-2015-2539.json b/2015/2xxx/CVE-2015-2539.json index c81a84d1ea4..c38f40f7645 100644 --- a/2015/2xxx/CVE-2015-2539.json +++ b/2015/2xxx/CVE-2015-2539.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-2539", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-2539", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6821.json b/2015/6xxx/CVE-2015-6821.json index 854aa9a6772..561b2f92784 100644 --- a/2015/6xxx/CVE-2015-6821.json +++ b/2015/6xxx/CVE-2015-6821.json 
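Review bot: This record's keys are written in a different order from every other record in this part of the commit. Here `data_type`, `data_format` and `data_version` precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the neighbouring files keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but the difference suggests this file went through a different writer. Serialising it with the same key ordering as the others would keep later syncs from producing order-only diffs and would keep byte-level comparisons or digests of the records stable. No value changes in this hunk.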
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "1033483", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1" + }, + { + "name": "[debian-lts-announce] 20181220 [SECURITY] [DLA 1611-1] libav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html" + }, + { + "name": "1033483", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033483" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4043.json b/2016/4xxx/CVE-2016-4043.json index 2395a8555ca..8f76fb93c42 100644 --- a/2016/4xxx/CVE-2016-4043.json +++ b/2016/4xxx/CVE-2016-4043.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/20/3" - }, - { - "name" : "https://plone.org/security/hotfix/20160419/bypass-restricted-python", - "refsource" : "CONFIRM", - "url" : "https://plone.org/security/hotfix/20160419/bypass-restricted-python" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3" + }, + { + "name": "https://plone.org/security/hotfix/20160419/bypass-restricted-python", + "refsource": "CONFIRM", + "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4065.json b/2016/4xxx/CVE-2016-4065.json index 5b1a736a546..0f4cdb611a8 100644 --- a/2016/4xxx/CVE-2016-4065.json +++ b/2016/4xxx/CVE-2016-4065.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-216", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-216" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-217", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-217" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-218", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-218" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-218", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-218" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-216", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-216" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-217", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-217" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4352.json b/2016/4xxx/CVE-2016-4352.json index aac829521bf..a26f5003c78 100644 --- a/2016/4xxx/CVE-2016-4352.json +++ b/2016/4xxx/CVE-2016-4352.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160429 Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/29/7" - }, - { - "name" : "https://trac.mplayerhq.hu/ticket/2295", - "refsource" : "CONFIRM", - "url" : "https://trac.mplayerhq.hu/ticket/2295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.mplayerhq.hu/ticket/2295", + "refsource": "CONFIRM", + "url": "https://trac.mplayerhq.hu/ticket/2295" + }, + { + "name": "[oss-security] 20160429 Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/29/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4359.json b/2016/4xxx/CVE-2016-4359.json index a03d9a25be5..45283bb0269 100644 --- a/2016/4xxx/CVE-2016-4359.json +++ b/2016/4xxx/CVE-2016-4359.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-363", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-363" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2016-16", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2016-16" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423" - }, - { - "name" : "90975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90975" - }, - { - "name" : "1036006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423" + }, + { + "name": "90975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90975" + }, + { + "name": "1036006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036006" + }, + { + "name": "https://www.tenable.com/security/research/tra-2016-16", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2016-16" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-363", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-363" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4703.json b/2016/4xxx/CVE-2016-4703.json index f9b07d77269..9b62a2f2be7 100644 
--- a/2016/4xxx/CVE-2016-4703.json +++ b/2016/4xxx/CVE-2016-4703.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2016-4703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2016-4703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "93055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93055" - }, - { - "name" : "1036858", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary 
code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036858", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036858" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "93055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93055" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/4xxx/CVE-2016-4802.json b/2016/4xxx/CVE-2016-4802.json index f8384954ec3..a0dc1699021 100644 --- a/2016/4xxx/CVE-2016-4802.json +++ b/2016/4xxx/CVE-2016-4802.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-4802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-4802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://curl.haxx.se/docs/adv_20160530.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20160530.html" - }, - { - "name" : "90997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90997" - }, - { - "name" : "1036008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when 
built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036008" + }, + { + "name": "https://curl.haxx.se/docs/adv_20160530.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20160530.html" + }, + { + "name": "90997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90997" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8366.json b/2016/8xxx/CVE-2016-8366.json index 3572f7b6de9..a5162917439 100644 --- a/2016/8xxx/CVE-2016-8366.json +++ b/2016/8xxx/CVE-2016-8366.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2016-11-08T00:00:00", - "ID" : "CVE-2016-8366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Phoenix Contact ILC PLCs", - "version" : { - "version_data" : [ - { - "version_value" : "All ILC 1xx PLCs" - } - ] - } - } - ] - }, - "vendor_name" : "Phoenix Contact" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-312: Cleartext Storage of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2016-11-08T00:00:00", + "ID": "CVE-2016-8366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Phoenix Contact ILC PLCs", + "version": { + "version_data": [ + { + "version_value": "All ILC 1xx PLCs" + } + ] + } + } + ] + }, + "vendor_name": "Phoenix Contact" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45586", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45586/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-313-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-313-01" - }, - { - "name" : "94163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312: Cleartext Storage of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-313-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-313-01" + }, + { + "name": "45586", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45586/" + }, + { + "name": "94163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94163" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8697.json b/2016/8xxx/CVE-2016-8697.json index 148955d3513..1ac39b9100f 100644 --- a/2016/8xxx/CVE-2016-8697.json +++ b/2016/8xxx/CVE-2016-8697.json 
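Review bot: The `problemtype` entry in CVE-2016-8366.json lists only `CWE-312: Cleartext Storage of Sensitive Information`, while the description on the same record says the password is "stored and transferred in clear text". Consumers that triage or filter by CWE will therefore miss the on-the-wire exposure. I would add a second description entry, `"value": "CWE-319: Cleartext Transmission of Sensitive Information"`. Separately, the MISC reference `ICSA-313-01` carries no two-digit year, unlike `ICSA-16-336-05A` in CVE-2016-9360.json later in this patch, so it is worth confirming that the URL resolves before the record is synchronized again.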
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/" - }, - { - "name" : "93778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93778" + }, + { + "name": "[oss-security] 20161015 Re: potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12" + }, + { + "name": "[oss-security] 20160818 potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9360.json b/2016/9xxx/CVE-2016-9360.json index d9fd92c5e27..97d2c14b533 100644 --- a/2016/9xxx/CVE-2016-9360.json +++ b/2016/9xxx/CVE-2016-9360.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2016-9360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian", - "version" : { - "version_data" : [ - { - "version_value" : "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-9360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian", + "version": { + "version_data": [ + { + "version_value": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A" - }, - { - "name" : "95630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95630" - }, - { - "name" : "1037809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037809" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A" + }, + { + "name": "95630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95630" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9464.json b/2016/9xxx/CVE-2016-9464.json index 8ad342cfbc7..8baabd14b02 100644 --- a/2016/9xxx/CVE-2016-9464.json +++ b/2016/9xxx/CVE-2016-9464.json 
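Review bot: The `affects` block in CVE-2016-9360.json is not machine-usable. `vendor_name` is `n/a` although the description names General Electric, and `version_value` repeats the `product_name` string instead of the versions the description gives (iFIX 5.8 SIM 13 and prior, CIMPLICITY 9.0 and prior, Historian 6.0 and prior). Asset-matching tools that key on vendor, product and version cannot match this record to an installed system. I would set `"vendor_name": "General Electric"` and split the three products into separate `product_data` entries, each with its own `version_value`. CVE-2016-9464.json shows the same pattern: `product_name` and `version_value` are both `Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0`, with vendor `n/a`.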
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2016-9464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0", - "version" : { - "version_data" : [ - { - "version_value" : "Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2016-9464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0", + "version": { + "version_data": [ + { + "version_value": "Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nextcloud/server/commit/3387e5d00fcf6b2ea6b285a091e5743f545e7202", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/3387e5d00fcf6b2ea6b285a091e5743f545e7202" - }, - { - "name" : "https://github.com/nextcloud/server/commit/7289cb5ec0b812992ab0dfb889744b94bc0994f0", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/7289cb5ec0b812992ab0dfb889744b94bc0994f0" - }, - { - "name" : "https://github.com/nextcloud/server/commit/a5471b4a3e3f30e99e4de39c97c0c3b3c2f1618f", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/a5471b4a3e3f30e99e4de39c97c0c3b3c2f1618f" - }, - { - "name" : "https://github.com/nextcloud/server/commit/e2c4f4f9aa11bc92e8f2212cce73841b922187e8", - "refsource" : "MISC", - "url" : "https://github.com/nextcloud/server/commit/e2c4f4f9aa11bc92e8f2212cce73841b922187e8" - }, - { - "name" : "https://hackerone.com/reports/153905", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/153905" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-007", - "refsource" : "MISC", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-007" - }, - { - "name" : "97287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97287" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/server/commit/7289cb5ec0b812992ab0dfb889744b94bc0994f0", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/7289cb5ec0b812992ab0dfb889744b94bc0994f0" + }, + { + "name": "https://github.com/nextcloud/server/commit/3387e5d00fcf6b2ea6b285a091e5743f545e7202", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/3387e5d00fcf6b2ea6b285a091e5743f545e7202" + }, + { + "name": "https://github.com/nextcloud/server/commit/a5471b4a3e3f30e99e4de39c97c0c3b3c2f1618f", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/a5471b4a3e3f30e99e4de39c97c0c3b3c2f1618f" + }, + { + "name": "https://github.com/nextcloud/server/commit/e2c4f4f9aa11bc92e8f2212cce73841b922187e8", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/commit/e2c4f4f9aa11bc92e8f2212cce73841b922187e8" + }, + { + "name": "97287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97287" + }, + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-007", + "refsource": "MISC", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-007" + }, + { + "name": "https://hackerone.com/reports/153905", + 
"refsource": "MISC", + "url": "https://hackerone.com/reports/153905" + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9545.json b/2016/9xxx/CVE-2016-9545.json index 6cb45245a2d..a20dc44e7ad 100644 --- a/2016/9xxx/CVE-2016-9545.json +++ b/2016/9xxx/CVE-2016-9545.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9545", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9545", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9821.json b/2016/9xxx/CVE-2016-9821.json index b826ff557a8..004a94193b7 100644 --- a/2016/9xxx/CVE-2016-9821.json +++ b/2016/9xxx/CVE-2016-9821.json 
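Review bot: The affected-version wording in CVE-2016-9464.json, "before 9.0.54 and 10.0.0", is ambiguous: it can mean "before 9.0.54 and before 10.0.0" or "before 9.0.54, and also 10.0.0". The `version_value` field copies the same phrase, so a reader cannot tell from this record alone whether a 10.0.0 installation is affected. I would state each release branch explicitly, with one `version_data` entry per branch and the bound taken from the referenced advisory `nc-sa-2016-007`, so that patch-level decisions do not depend on how the sentence is parsed.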
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-9821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" - }, - { - "name" : "DSA-3833", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3833" - }, - { - "name" : "94732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94732" + }, + { + "name": "DSA-3833", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3833" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2180.json b/2019/2xxx/CVE-2019-2180.json index 9711c2557a0..cf6c20a78dd 100644 --- a/2019/2xxx/CVE-2019-2180.json +++ b/2019/2xxx/CVE-2019-2180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2019/2xxx/CVE-2019-2789.json b/2019/2xxx/CVE-2019-2789.json index 69c2b61b0b9..ef98bc1254e 100644 --- a/2019/2xxx/CVE-2019-2789.json +++ b/2019/2xxx/CVE-2019-2789.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2789", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2789", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2813.json b/2019/2xxx/CVE-2019-2813.json index 26b7a91f553..90d58e5ae28 100644 --- a/2019/2xxx/CVE-2019-2813.json +++ b/2019/2xxx/CVE-2019-2813.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2813", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2813", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2954.json b/2019/2xxx/CVE-2019-2954.json index 34e57481445..c5e8eecddcf 100644 --- a/2019/2xxx/CVE-2019-2954.json +++ b/2019/2xxx/CVE-2019-2954.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-2954", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-2954", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3089.json b/2019/3xxx/CVE-2019-3089.json index c76d5314a5e..7d321dfff2b 100644 --- a/2019/3xxx/CVE-2019-3089.json +++ b/2019/3xxx/CVE-2019-3089.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3089", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3089", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3828.json b/2019/3xxx/CVE-2019-3828.json index 63989c4a7a0..a59a9a53c5c 100644 --- a/2019/3xxx/CVE-2019-3828.json +++ b/2019/3xxx/CVE-2019-3828.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3828", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3828", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3930.json b/2019/3xxx/CVE-2019-3930.json index 5025dceae65..efe5f94570c 100644 --- a/2019/3xxx/CVE-2019-3930.json +++ b/2019/3xxx/CVE-2019-3930.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3930",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3930",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3955.json b/2019/3xxx/CVE-2019-3955.json
index 8e0b7b9900a..55266aed14b 100644
--- a/2019/3xxx/CVE-2019-3955.json
+++ b/2019/3xxx/CVE-2019-3955.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-3955",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-3955",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6324.json b/2019/6xxx/CVE-2019-6324.json
index c58ab6aad52..c0e276994d0 100644
--- a/2019/6xxx/CVE-2019-6324.json
+++ b/2019/6xxx/CVE-2019-6324.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6324",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6324",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6475.json b/2019/6xxx/CVE-2019-6475.json
index 91c333a520d..3677084296b 100644
--- a/2019/6xxx/CVE-2019-6475.json
+++ b/2019/6xxx/CVE-2019-6475.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6475",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6475",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6586.json b/2019/6xxx/CVE-2019-6586.json
index 2c1307802df..8bf91793901 100644
--- a/2019/6xxx/CVE-2019-6586.json
+++ b/2019/6xxx/CVE-2019-6586.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6586",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6586",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6657.json b/2019/6xxx/CVE-2019-6657.json
index 24dba29810a..2068d243d5b 100644
--- a/2019/6xxx/CVE-2019-6657.json
+++ b/2019/6xxx/CVE-2019-6657.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6657",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6657",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6804.json b/2019/6xxx/CVE-2019-6804.json
index c20f04c7fa6..b180192e479 100644
--- a/2019/6xxx/CVE-2019-6804.json
+++ b/2019/6xxx/CVE-2019-6804.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-6804",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-6804",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "46251",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/46251/"
- },
- {
- "name" : "https://docs.rundeck.com/docs/history/version-3.0.13.html",
- "refsource" : "MISC",
- "url" : "https://docs.rundeck.com/docs/history/version-3.0.13.html"
- },
- {
- "name" : "https://github.com/rundeck/rundeck/issues/4406",
- "refsource" : "MISC",
- "url" : "https://github.com/rundeck/rundeck/issues/4406"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and
views/execution/_wfitemEdit.gsp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/rundeck/rundeck/issues/4406",
+ "refsource": "MISC",
+ "url": "https://github.com/rundeck/rundeck/issues/4406"
+ },
+ {
+ "name": "https://docs.rundeck.com/docs/history/version-3.0.13.html",
+ "refsource": "MISC",
+ "url": "https://docs.rundeck.com/docs/history/version-3.0.13.html"
+ },
+ {
+ "name": "46251",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/46251/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7219.json b/2019/7xxx/CVE-2019-7219.json
index cff80f7a1e8..ae53b0576f0 100644
--- a/2019/7xxx/CVE-2019-7219.json
+++ b/2019/7xxx/CVE-2019-7219.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7219",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7219",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7432.json b/2019/7xxx/CVE-2019-7432.json
index fd43e8e1da5..8cc9c4d2ae5 100644
--- a/2019/7xxx/CVE-2019-7432.json
+++ b/2019/7xxx/CVE-2019-7432.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7432",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7432",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7820.json b/2019/7xxx/CVE-2019-7820.json
index 6455daaeaaf..0b3f439c0b5 100644
--- a/2019/7xxx/CVE-2019-7820.json
+++ b/2019/7xxx/CVE-2019-7820.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7820",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7820",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7911.json b/2019/7xxx/CVE-2019-7911.json
index 4a932a2211d..bd8ee55352e 100644
--- a/2019/7xxx/CVE-2019-7911.json
+++ b/2019/7xxx/CVE-2019-7911.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-7911",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-7911",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8653.json b/2019/8xxx/CVE-2019-8653.json
index 8558198844f..6a40b4076d1 100644
--- a/2019/8xxx/CVE-2019-8653.json
+++ b/2019/8xxx/CVE-2019-8653.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2019-8653",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-8653",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file